Hi, CVE-2011-2370 is marked as affecting iceweasel versions >= 5.0, where the issue is fixed (MFSA-2011-28), and on versions < 4.0 where the issue (supposedly) doesn't exist. xulrunner versions 1.9.x are supposedly non affected, as well as all versions of iceape and icedove. Cheers, Mike