Package: iceweasel Version: 38.7.1esr-1~deb8u1 Severity: normal Tags: security
Iceweasel is compiled without RELRO protection against memory corruption as can be shown by executing: readelf -l /usr/bin/iceweasel | grep 'GNU_RELRO' readelf -d /usr/bin/iceweasel | grep 'BIND_NOW' Or run the script available at http://www.trapkit.de/tools/checkrelro.sh Please add -Wl,-z,relro,-z,now to CFLAGS in debian/rules. cf. https://wiki.debian.org/Hardening#line-307 Best regards Heinrich Schuchardt