The vulnerabilities include bugs in the layout engine which could allow a denial of service attack and the execution of arbitrary code.
Vulnerabilities in the JavaScript engine could allow the same attacks, and a 'shutdown' flaw could allow remote attackers to gain privileges and install malicious code via the watch JavaScript function.
For the stable distribution of Debian, known as 'sarge', these problems have been fixed in version 1.0.4-2sarge15.
For the testing and unstable distribution, known as 'sid' and 'etch', these problems have been fixed in version 2.0.0.1+dfsg-2 of 'Iceweasel'.
Debian recommends that users upgrade their Firefox and Iceweasel packages.
There have been no announcements from Mozilla or other Linux distributions, although Debian warned that the bugs are not Debian specific.
_(20).jpg&h=140&w=231&c=1&s=0)
_(22).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
