Bug#795576: marked as done (iceweasel: Supports prefetching links on hover)

[Debian Bug Tracking System]

Your message dated Fri, 12 Sep 2025 10:30:19 +0200
with message-id <e4976d44-d25e-70a4-0bc7-fdb197b7c...@debian.org>
and subject line iceweasel has been superseded by firefox-esr
has caused the Debian Bug report #795576,
regarding iceweasel: Supports prefetching links on hover
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
795576: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795576
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: iceweasel
Version: 38.1.0esr-3
Severity: grave
Tags: security upstream
Justification: user security hole

Dear Maintainer,

This is related to mozilla bug 814169, Where a user using default
settings hover over a link without clicking on it ( which trigger  a link 
prefetch case). this will leak device
information and provide access to user wallet.

Many services are pay per use, and merely clinking on a link will cause
the provider to sucbsribe to the services. And in cases of pay per-ad this
will cause unwanted charges for the user.

I belive that at least network-prefetch-next and 
network.http.speculative-parallel-limit should be disabled by default.

https://bugzilla.mozilla.org/show_bug.cgi?id=814169 the workarounds for
that bug is to disable the network-prefetch-next and 
network.http.speculative-parallel-limit


-- Package-specific info:

-- Extensions information
Name: Adblock Plus
Location: ${PROFILE_EXTENSIONS}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Status: enabled

Name: BetterPrivacy
Location: ${PROFILE_EXTENSIONS}/{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
Status: enabled

Name: Default theme
Location: 
/usr/lib/iceweasel/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled

Name: Flashblock
Location: ${PROFILE_EXTENSIONS}/{3d7eb24f-2740-49df-8937-200b1cc08f8a}
Status: enabled

Name: HTTPS-Everywhere
Location: ${PROFILE_EXTENSIONS}/https-everywh...@eff.org
Status: enabled

Name: NoScript
Location: ${PROFILE_EXTENSIONS}/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
Status: enabled

Name: Places Maintenance
Location: ${PROFILE_EXTENSIONS}/places-maintena...@bonardo.net.xpi
Status: enabled

-- Plugins information
Name: MozPlugger 1.14.5 handles QuickTime and Windows Media Player Plugin 
(1.14.5)
Location: /usr/lib/mozilla/plugins/mozplugger.so
Package: mozplugger
Status: disabled


-- Addons package information
ii  iceweasel      38.1.0esr-3  amd64        Web browser based on Firefox
ii  mozplugger     1.14.5-2     amd64        Plugin allowing external viewers 

-- System Information:
Debian Release: stretch/sid
  APT prefers stable
  APT policy: (1001, 'stable'), (900, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages iceweasel depends on:
ii  debianutils               4.5.1
ii  fontconfig                2.11.0-6.3
ii  libasound2                1.0.29-1
ii  libatk1.0-0               2.16.0-2
ii  libc6                     2.19-19
ii  libcairo2                 1.14.2-2
ii  libdbus-1-3               1.8.20-1
ii  libdbus-glib-1-2          0.102-1
ii  libevent-2.0-5            2.0.21-stable-2
ii  libffi6                   3.2.1-3
ii  libfontconfig1            2.11.0-6.3
ii  libfreetype6              2.5.2-4
ii  libgcc1                   1:5.2.1-14
ii  libgdk-pixbuf2.0-0        2.31.5-1
ii  libglib2.0-0              2.44.1-1.1
ii  libgtk2.0-0               2.24.28-1
ii  libhunspell-1.3-0         1.3.3-3
ii  libnspr4                  2:4.10.8-2
ii  libnss3                   2:3.19.2-1
ii  libpango-1.0-0            1.36.8-3
ii  libsqlite3-0              3.8.11.1-1
ii  libstartup-notification0  0.12-4
ii  libstdc++6                4.9.2-10
ii  libvpx2                   1.4.0-4
ii  libx11-6                  2:1.6.3-1
ii  libxcomposite1            1:0.4.4-1
ii  libxdamage1               1:1.1.4-2+b1
ii  libxext6                  2:1.3.3-1
ii  libxfixes3                1:5.0.1-2+b2
ii  libxrender1               1:0.9.8-1+b1
ii  libxt6                    1:1.1.4-1+b1
ii  procps                    2:3.3.10-2
ii  zlib1g                    1:1.2.8.dfsg-2+b1

Versions of packages iceweasel recommends:
ii  gstreamer1.0-libav         1.4.5-3
ii  gstreamer1.0-plugins-good  1.4.5-2+b1

Versions of packages iceweasel suggests:
ii  fonts-mathjax          2.5.3-1
pn  fonts-oflb-asana-math  <none>
ii  fonts-stix [otf-stix]  1.1.1-3
ii  libcanberra0           0.30-2.1
ii  libgnomeui-0           2.24.5-3
ii  libgssapi-krb5-2       1.13.2+dfsg-2
ii  mozplugger             1.14.5-2

-- no debconf information

--- End Message ---

--- Begin Message ---

Version: 115.12.0esr-1+rm

src:iceweasel has been superseded by src:firefox-esr in version 45.0esr-1 in March 2016. Transitional packages to ease upgrades were provided in the wheezy, jessie, stretch and buster releases. The transitional packages have been removed finally before the bullseye release in August 2021. After regular security support for buster ended in August 2022 and LTS support ended in June 2024, I'm closing the remaining bug reports now.

Andreas

--- End Message ---