
Test ID: 1.3.6.1.4.1.25623.1.0.58688
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1391-1 (icedove)
Summary: Debian Security Advisory DSA 1391-1 (icedove)
Description: The remote host is missing an update to icedove
announced via advisory DSA 1391-1.

Several remote vulnerabilities have been discovered in the Icedove mail client,
an unbranded version of the Thunderbird client. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2007-3734

Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman,
Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul
Nickerson and Vladimir Sukhoy discovered crashes in the layout engine,
which might allow the execution of arbitrary code.

CVE-2007-3735

Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the
JavaScript engine, which might allow the execution of arbitrary code.

CVE-2007-3844

moz_bug_r_a4 discovered that a regression in the handling of
about:blank windows used by addons may lead to an attacker being
able to modify the content of web sites.

CVE-2007-3845

Jesper Johansson discovered that missing sanitising of double-quotes
and spaces in URIs passed to external programs may allow an attacker
to pass arbitrary arguments to the helper program if the user is
tricked into opening a malformed web page.

CVE-2007-5339

L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.

CVE-2007-5340

Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
JavaScript engine, which might allow the execution of arbitrary code. Generally,
enabling JavaScript in Icedove is not recommended.

The Mozilla products in the oldstable distribution (sarge) are no longer
supported with security updates.

For the stable distribution (etch) these problems have been fixed in version
1.5.0.13+1.5.0.14b.dfsg1-0etch1. Builds for hppa will be provided later.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your icedove packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201391-1
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3734
Bugtraq: 20070720 rPSA-2007-0148-1 firefox thunderbird
http://www.securityfocus.com/archive/1/archive/1/474226/100/0/threaded
Bugtraq: 20070724 FLEA-2007-0033-1: firefox thunderbird
http://www.securityfocus.com/archive/1/archive/1/474542/100/0/threaded
Debian Security Information: DSA-1337
http://www.debian.org/security/2007/dsa-1337
Debian Security Information: DSA-1338
http://www.debian.org/security/2007/dsa-1338
Debian Security Information: DSA-1339
http://www.debian.org/security/2007/dsa-1339
Debian Security Information: DSA-1391
http://www.debian.org/security/2007/dsa-1391
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
HPdes Security Advisory: SSRT061181
HPdes Security Advisory: SSRT061236
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
http://www.redhat.com/support/errata/RHSA-2007-0722.html
http://www.redhat.com/support/errata/RHSA-2007-0723.html
http://www.redhat.com/support/errata/RHSA-2007-0724.html
SGI Security Advisory: 20070701-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
SuSE Security Announcement: SUSE-SA:2007:049
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
http://www.ubuntu.com/usn/usn-490-1
http://www.ubuntu.com/usn/usn-503-1
BugTraq ID: 24946
http://www.securityfocus.com/bid/24946
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10108
http://www.vupen.com/english/advisories/2007/2564
http://www.vupen.com/english/advisories/2007/2565
http://www.vupen.com/english/advisories/2008/0082
http://www.vupen.com/english/advisories/2007/4256
http://www.securitytracker.com/id?1018408
http://secunia.com/advisories/26095
http://secunia.com/advisories/26096
http://secunia.com/advisories/26103
http://secunia.com/advisories/26106
http://secunia.com/advisories/26107
http://secunia.com/advisories/25589
http://secunia.com/advisories/26179
http://secunia.com/advisories/26149
http://secunia.com/advisories/26151
http://secunia.com/advisories/26072
http://secunia.com/advisories/26176
http://secunia.com/advisories/26211
http://secunia.com/advisories/26216
http://secunia.com/advisories/26204
http://secunia.com/advisories/26205
http://secunia.com/advisories/26159
http://secunia.com/advisories/26271
http://secunia.com/advisories/26258
http://secunia.com/advisories/26460
http://secunia.com/advisories/26572
http://secunia.com/advisories/27326
http://secunia.com/advisories/28363
http://secunia.com/advisories/28135
XForce ISS Database: mozilla-browser-engine-code-execution(35458)
http://xforce.iss.net/xforce/xfdb/35458
Common Vulnerability Exposure (CVE) ID: CVE-2007-3735
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11066
XForce ISS Database: mozilla-javascript-eng-code-execution(35459)
http://xforce.iss.net/xforce/xfdb/35459
Common Vulnerability Exposure (CVE) ID: CVE-2007-3844
Bugtraq: 20070801 FLEA-2007-0039-1 firefox
http://www.securityfocus.com/archive/1/archive/1/475265/100/200/threaded
Bugtraq: 20070803 FLEA-2007-0040-1 thunderbird
http://www.securityfocus.com/archive/1/archive/1/475450/30/5550/threaded
Debian Security Information: DSA-1344
http://www.debian.org/security/2007/dsa-1344
Debian Security Information: DSA-1345
http://www.debian.org/security/2007/dsa-1345
Debian Security Information: DSA-1346
http://www.debian.org/security/2007/dsa-1346
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
http://www.redhat.com/support/errata/RHSA-2007-0979.html
http://www.redhat.com/support/errata/RHSA-2007-0980.html
http://www.redhat.com/support/errata/RHSA-2007-0981.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101
SuSE Security Announcement: SUSE-SA:2007:057
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
http://www.ubuntu.com/usn/usn-493-1
BugTraq ID: 25142
http://www.securityfocus.com/bid/25142
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9493
http://www.vupen.com/english/advisories/2007/3587
http://securitytracker.com/id?1018479
http://securitytracker.com/id?1018480
http://securitytracker.com/id?1018481
http://secunia.com/advisories/26288
http://secunia.com/advisories/26234
http://secunia.com/advisories/26309
http://secunia.com/advisories/26331
http://secunia.com/advisories/26335
http://secunia.com/advisories/26303
http://secunia.com/advisories/26393
http://secunia.com/advisories/27276
http://secunia.com/advisories/27325
http://secunia.com/advisories/27327
http://secunia.com/advisories/27356
http://secunia.com/advisories/27298
http://secunia.com/advisories/27414
http://secunia.com/advisories/27680
Common Vulnerability Exposure (CVE) ID: CVE-2007-3845
BugTraq ID: 25053
http://www.securityfocus.com/bid/25053
Common Vulnerability Exposure (CVE) ID: CVE-2007-5339
Bugtraq: 20071029 FLEA-2007-0062-1 firefox
http://www.securityfocus.com/archive/1/archive/1/482925/100/0/threaded
Bugtraq: 20071026 rPSA-2007-0225-1 firefox
http://www.securityfocus.com/archive/1/archive/1/482876/100/200/threaded
Bugtraq: 20071029 rPSA-2007-0225-2 firefox thunderbird
http://www.securityfocus.com/archive/1/archive/1/482932/100/200/threaded
https://bugzilla.mozilla.org/buglist.cgi?bug_id=309322,330563,341858,344064,348126,354645,361745,362901,378670,378682,379799,382376,384105,386382,386914,387033,387460,387844,391974,392285,393770,394014,394418
Debian Security Information: DSA-1396
http://www.debian.org/security/2007/dsa-1396
Debian Security Information: DSA-1401
http://www.debian.org/security/2007/dsa-1401
Debian Security Information: DSA-1392
http://www.debian.org/security/2007/dsa-1392
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
http://security.gentoo.org/glsa/glsa-200711-24.xml
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.471007
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
SuSE Security Announcement: SUSE-SR:2008:002
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
http://www.ubuntulinux.org/support/documentation/usn/usn-535-1
http://www.ubuntu.com/usn/usn-536-1
CERT/CC vulnerability note: VU#559977
http://www.kb.cert.org/vuls/id/559977
BugTraq ID: 26132
http://www.securityfocus.com/bid/26132
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10459
http://www.vupen.com/english/advisories/2007/3544
http://www.vupen.com/english/advisories/2007/3545
http://www.vupen.com/english/advisories/2007/4272
http://www.vupen.com/english/advisories/2008/0083
http://www.vupen.com/english/advisories/2008/0643
http://securitytracker.com/id?1018834
http://securitytracker.com/id?1018835
http://secunia.com/advisories/27335
http://secunia.com/advisories/27383
http://secunia.com/advisories/27425
http://secunia.com/advisories/27403
http://secunia.com/advisories/27480
http://secunia.com/advisories/27387
http://secunia.com/advisories/27311
http://secunia.com/advisories/27313
http://secunia.com/advisories/27315
http://secunia.com/advisories/27336
http://secunia.com/advisories/27665
http://secunia.com/advisories/27704
http://secunia.com/advisories/28179
http://secunia.com/advisories/27360
http://secunia.com/advisories/28398
http://secunia.com/advisories/28636
http://secunia.com/advisories/27744
XForce ISS Database: mozilla-multiple-browser-code-execution(37281)
http://xforce.iss.net/xforce/xfdb/37281
Common Vulnerability Exposure (CVE) ID: CVE-2007-5340
https://bugzilla.mozilla.org/buglist.cgi?bug_id=372309,387955,390078,393537
CERT/CC vulnerability note: VU#755513
http://www.kb.cert.org/vuls/id/755513
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9622
XForce ISS Database: mozilla-multiple-java-code-execution(37282)
http://xforce.iss.net/xforce/xfdb/37282
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
