- **Package**: Iceape
- **Vulnerability Type**: Several
- **Problem Type**: Remote
- **Debian-specific**: No
- **CVE IDs**: CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2376
- **Vulnerability Details**:
  - **CVE-2011-0083/CVE-2011-2363**: "regenrecht" discovered two use-after-free vulnerabilities in SVG processing, potentially leading to arbitrary code execution.
  - **CVE-2011-0085**: "regenrecht" discovered a use-after-free vulnerability in XUL processing, potentially leading to arbitrary code execution.
  - **CVE-2011-2362**: David Chan found cookies to be insufficiently isolated.
  - **CVE-2011-2371**: Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the JavaScript engine, potentially leading to arbitrary code execution.
  - **CVE-2011-2373**: Martin Barbella discovered a use-after-free vulnerability in XUL processing, potentially leading to arbitrary code execution.
  - **CVE-2011-2374**: Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman, and Christian Biesinger discovered memory corruption bugs that could lead to arbitrary code execution.
  - **CVE-2011-2376**: Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to arbitrary code execution.
- **Affected Distributions**:
  - The lenny distribution is not affected as it only contains the XPCOM code.
  - The stable distribution (squeeze) has been fixed in version 2.0.11-6.
  - The unstable distribution (sid) has been fixed in version 2.0.14-3.
- **Recommendation**: Upgrade your Iceape packages.