| Name | CVE-2011-0054 |
| Description | Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-2180-1, DSA-2186-1, DSA-2187-1 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| iceape | source | lenny | (not affected) | |||
| iceape | source | squeeze | 2.0.11-3 | DSA-2180-1 | ||
| iceape | source | (unstable) | 2.0.12-1 | |||
| icedove | source | lenny | (unfixed) | end-of-life | ||
| icedove | source | squeeze | 3.0.11-1+squeeze1 | DSA-2187-1 | ||
| icedove | source | (unstable) | 3.0.11-2 | |||
| iceweasel | source | lenny | (not affected) | |||
| iceweasel | source | squeeze | 3.5.16-5 | DSA-2186-1 | ||
| iceweasel | source | (unstable) | 3.5.17-1 | |||
| xulrunner | source | (unstable) | (not affected) |
- xulrunner <not-affected> (Vulnerable code not present)
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
[lenny] - iceape <not-affected> (Only a stub package)