Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1391-1 (icedove)
The remote host is missing an update to icedove
announced via advisory DSA 1391-1.

Several remote vulnerabilities have been discovered in the Icedove mail client,
an unbranded version of the Thunderbird client. The Common Vulnerabilities and
Exposures project identifies the following problems:


Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman,
Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul
Nickerson and Vladimir Sukhoy discovered crashes in the layout engine,
which might allow the execution of arbitrary code.


Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the
javascript engine, which might allow the execution of arbitrary code.


moz_bug_r_a4 discovered that a regression in the handling of
about:blank windows used by addons may lead to an attacker being
able to modify the content of web sites.


Jesper Johansson discovered that missing sanitising of double-quotes
and spaces in URIs passed to external programs may allow an attacker
to pass arbitrary arguments to the helper program if the user is
tricked into opening a malformed web page.


L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.


Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code. Generally,
enabling Javascript in Icedove is not recommended.

The Mozilla products in the oldstable distribution (sarge) are no longer
supported with security updates.

For the stable distribution (etch) these problems have been fixed in version Builds for hppa will be provided later.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your icedove packages.


CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3734
BugTraq ID: 24946
Bugtraq: 20070720 rPSA-2007-0148-1 firefox thunderbird (Google Search)
Bugtraq: 20070724 FLEA-2007-0033-1: firefox thunderbird (Google Search)
Debian Security Information: DSA-1337 (Google Search)
Debian Security Information: DSA-1338 (Google Search)
Debian Security Information: DSA-1339 (Google Search)
Debian Security Information: DSA-1391 (Google Search)
HPdes Security Advisory: HPSBUX02153
HPdes Security Advisory: HPSBUX02156
HPdes Security Advisory: SSRT061181
HPdes Security Advisory: SSRT061236
SGI Security Advisory: 20070701-01-P
SuSE Security Announcement: SUSE-SA:2007:049 (Google Search)
XForce ISS Database: mozilla-browser-engine-code-execution(35458)
Common Vulnerability Exposure (CVE) ID: CVE-2007-3735
XForce ISS Database: mozilla-javascript-eng-code-execution(35459)
Common Vulnerability Exposure (CVE) ID: CVE-2007-3844
BugTraq ID: 25142
Bugtraq: 20070801 FLEA-2007-0039-1 firefox (Google Search)
Bugtraq: 20070803 FLEA-2007-0040-1 thunderbird (Google Search)
Debian Security Information: DSA-1344 (Google Search)
Debian Security Information: DSA-1345 (Google Search)
Debian Security Information: DSA-1346 (Google Search)
SuSE Security Announcement: SUSE-SA:2007:057 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2007-3845
BugTraq ID: 25053
Common Vulnerability Exposure (CVE) ID: CVE-2007-5339
BugTraq ID: 26132
Bugtraq: 20071026 rPSA-2007-0225-1 firefox (Google Search)
Bugtraq: 20071029 FLEA-2007-0062-1 firefox (Google Search)
Bugtraq: 20071029 rPSA-2007-0225-2 firefox thunderbird (Google Search)
CERT/CC vulnerability note: VU#559977
Debian Security Information: DSA-1392 (Google Search)
Debian Security Information: DSA-1396 (Google Search)
Debian Security Information: DSA-1401 (Google Search),330563,341858,344064,348126,354645,361745,362901,378670,378682,379799,382376,384105,386382,386914,387033,387460,387844,391974,392285,393770,394014,394418
SuSE Security Announcement: SUSE-SR:2008:002 (Google Search)
XForce ISS Database: mozilla-multiple-browser-code-execution(37281)
Common Vulnerability Exposure (CVE) ID: CVE-2007-5340
CERT/CC vulnerability note: VU#755513,387955,390078,393537
XForce ISS Database: mozilla-multiple-java-code-execution(37282)
CopyrightCopyright (c) 2007 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.