|Source||CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)|
|References||DSA-2341-1, DSA-2342-1, DSA-2345-1|
|NVD severity||high (attack range: remote, user-initiated)|
|Debian/stable||package xulrunner is vulnerable. |
Vulnerable and fixed packages
The table below lists information on source packages.
|iceape (PTS)||squeeze (security)||2.0.11-17||fixed|
|icedove (PTS)||squeeze (security), squeeze||3.0.11-1+squeeze15||fixed|
|iceweasel (PTS)||squeeze (security), squeeze||3.5.16-20||fixed|
|xulrunner (PTS)||wheezy, wheezy (security)||24.8.1esr-2~deb7u1||vulnerable|
The information below is based on the following data on fixed versions.
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
[lenny] - iceape <not-affected> (Only a stub package)
xulrunner in wheezy is not covered by security support