
Test ID: 1.3.6.1.4.1.25623.1.0.58688
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1391-1)
Summary: The remote host is missing an update for the Debian 'icedove' package(s) announced via the DSA-1391-1 advisory.
Description:

Vulnerability Insight:
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3734

Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code.

CVE-2007-3735

Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.

CVE-2007-3844

moz_bug_r_a4 discovered that a regression in the handling of about:blank windows used by addons may lead to an attacker being able to modify the content of web sites.

CVE-2007-3845

Jesper Johansson discovered that missing sanitising of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.

CVE-2007-5339

L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay, Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code.

CVE-2007-5340

Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. Generally, enabling JavaScript in Icedove is not recommended.

The Mozilla products in the oldstable distribution (sarge) are no longer supported with security updates.

For the stable distribution (etch) these problems have been fixed in version 1.5.0.13+1.5.0.14b.dfsg1-0etch1. Builds for hppa will be provided later.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your icedove packages.

Affected Software/OS:
'icedove' package(s) on Debian 4.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-3734
1018408
http://www.securitytracker.com/id?1018408
103177
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
20070701-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
20070720 rPSA-2007-0148-1 firefox thunderbird
http://www.securityfocus.com/archive/1/474226/100/0/threaded
20070724 FLEA-2007-0033-1: firefox thunderbird
http://www.securityfocus.com/archive/1/474542/100/0/threaded
201516
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
24946
http://www.securityfocus.com/bid/24946
25589
http://secunia.com/advisories/25589
26072
http://secunia.com/advisories/26072
26095
http://secunia.com/advisories/26095
26096
http://secunia.com/advisories/26096
26103
http://secunia.com/advisories/26103
26106
http://secunia.com/advisories/26106
26107
http://secunia.com/advisories/26107
26149
http://secunia.com/advisories/26149
26151
http://secunia.com/advisories/26151
26159
http://secunia.com/advisories/26159
26176
http://secunia.com/advisories/26176
26179
http://secunia.com/advisories/26179
26204
http://secunia.com/advisories/26204
26205
http://secunia.com/advisories/26205
26211
http://secunia.com/advisories/26211
26216
http://secunia.com/advisories/26216
26258
http://secunia.com/advisories/26258
26271
http://secunia.com/advisories/26271
26460
http://secunia.com/advisories/26460
26572
http://secunia.com/advisories/26572
27326
http://secunia.com/advisories/27326
28135
http://secunia.com/advisories/28135
28363
http://secunia.com/advisories/28363
ADV-2007-2564
http://www.vupen.com/english/advisories/2007/2564
ADV-2007-2565
http://www.vupen.com/english/advisories/2007/2565
ADV-2007-4256
http://www.vupen.com/english/advisories/2007/4256
ADV-2008-0082
http://www.vupen.com/english/advisories/2008/0082
DSA-1337
http://www.debian.org/security/2007/dsa-1337
DSA-1338
http://www.debian.org/security/2007/dsa-1338
DSA-1339
http://www.debian.org/security/2007/dsa-1339
DSA-1391
http://www.debian.org/security/2007/dsa-1391
GLSA-200708-09
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
MDKSA-2007:152
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
MDVSA-2007:047
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
MDVSA-2008:047
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
RHSA-2007:0722
http://www.redhat.com/support/errata/RHSA-2007-0722.html
RHSA-2007:0723
http://www.redhat.com/support/errata/RHSA-2007-0723.html
RHSA-2007:0724
http://www.redhat.com/support/errata/RHSA-2007-0724.html
SSRT061181
SSRT061236
SUSE-SA:2007:049
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
USN-490-1
http://www.ubuntu.com/usn/usn-490-1
USN-503-1
http://www.ubuntu.com/usn/usn-503-1
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
mozilla-browser-engine-code-execution(35458)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35458
oval:org.mitre.oval:def:10108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10108
Common Vulnerability Exposure (CVE) ID: CVE-2007-3735
mozilla-javascript-eng-code-execution(35459)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35459
oval:org.mitre.oval:def:11066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11066
Common Vulnerability Exposure (CVE) ID: CVE-2007-3844
1018479
http://securitytracker.com/id?1018479
1018480
http://securitytracker.com/id?1018480
1018481
http://securitytracker.com/id?1018481
20070801 FLEA-2007-0039-1 firefox
http://www.securityfocus.com/archive/1/475265/100/200/threaded
20070803 FLEA-2007-0040-1 thunderbird
http://www.securityfocus.com/archive/1/475450/30/5550/threaded
25142
http://www.securityfocus.com/bid/25142
26234
http://secunia.com/advisories/26234
26288
http://secunia.com/advisories/26288
26303
http://secunia.com/advisories/26303
26309
http://secunia.com/advisories/26309
26331
http://secunia.com/advisories/26331
26335
http://secunia.com/advisories/26335
26393
http://secunia.com/advisories/26393
27276
http://secunia.com/advisories/27276
27298
http://secunia.com/advisories/27298
27325
http://secunia.com/advisories/27325
27327
http://secunia.com/advisories/27327
27356
http://secunia.com/advisories/27356
27414
http://secunia.com/advisories/27414
27680
http://secunia.com/advisories/27680
ADV-2007-3587
http://www.vupen.com/english/advisories/2007/3587
DSA-1344
http://www.debian.org/security/2007/dsa-1344
DSA-1345
http://www.debian.org/security/2007/dsa-1345
DSA-1346
http://www.debian.org/security/2007/dsa-1346
FEDORA-2007-2601
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
FEDORA-2007-3431
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
RHSA-2007:0979
http://www.redhat.com/support/errata/RHSA-2007-0979.html
RHSA-2007:0980
http://www.redhat.com/support/errata/RHSA-2007-0980.html
RHSA-2007:0981
http://www.redhat.com/support/errata/RHSA-2007-0981.html
SSA:2007-213-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101
SUSE-SA:2007:057
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
USN-493-1
http://www.ubuntu.com/usn/usn-493-1
http://bugzilla.mozilla.org/show_bug.cgi?id=388121
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.mozilla.org/security/announce/2007/mfsa2007-26.html
https://issues.rpath.com/browse/RPL-1600
oval:org.mitre.oval:def:9493
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9493
Common Vulnerability Exposure (CVE) ID: CVE-2007-3845
25053
http://www.securityfocus.com/bid/25053
http://bugzilla.mozilla.org/show_bug.cgi?id=389580
http://www.mozilla.org/security/announce/2007/mfsa2007-27.html
https://bugzilla.mozilla.org/show_bug.cgi?id=389106
Common Vulnerability Exposure (CVE) ID: CVE-2007-5339
1018834
http://securitytracker.com/id?1018834
1018835
http://securitytracker.com/id?1018835
1018977
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
20071026 rPSA-2007-0225-1 firefox
http://www.securityfocus.com/archive/1/482876/100/200/threaded
20071029 FLEA-2007-0062-1 firefox
http://www.securityfocus.com/archive/1/482925/100/0/threaded
20071029 rPSA-2007-0225-2 firefox thunderbird
http://www.securityfocus.com/archive/1/482932/100/200/threaded
231441
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
26132
http://www.securityfocus.com/bid/26132
27311
http://secunia.com/advisories/27311
27313
http://secunia.com/advisories/27313
27315
http://secunia.com/advisories/27315
27335
http://secunia.com/advisories/27335
27336
http://secunia.com/advisories/27336
27360
http://secunia.com/advisories/27360
27383
http://secunia.com/advisories/27383
27387
http://secunia.com/advisories/27387
27403
http://secunia.com/advisories/27403
27425
http://secunia.com/advisories/27425
27480
http://secunia.com/advisories/27480
27665
http://secunia.com/advisories/27665
27704
http://secunia.com/advisories/27704
27744
http://secunia.com/advisories/27744
28179
http://secunia.com/advisories/28179
28398
http://secunia.com/advisories/28398
28636
http://secunia.com/advisories/28636
ADV-2007-3544
http://www.vupen.com/english/advisories/2007/3544
ADV-2007-3545
http://www.vupen.com/english/advisories/2007/3545
ADV-2007-4272
http://www.vupen.com/english/advisories/2007/4272
ADV-2008-0083
http://www.vupen.com/english/advisories/2008/0083
ADV-2008-0643
http://www.vupen.com/english/advisories/2008/0643
DSA-1392
http://www.debian.org/security/2007/dsa-1392
DSA-1396
http://www.debian.org/security/2007/dsa-1396
DSA-1401
http://www.debian.org/security/2007/dsa-1401
FEDORA-2007-2664
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
GLSA-200711-14
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
GLSA-200711-24
http://security.gentoo.org/glsa/glsa-200711-24.xml
MDKSA-2007:202
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
SSA:2007-324-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.471007
SUSE-SR:2008:002
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
USN-535-1
https://usn.ubuntu.com/535-1/
USN-536-1
http://www.ubuntu.com/usn/usn-536-1
VU#559977
http://www.kb.cert.org/vuls/id/559977
http://bugs.gentoo.org/show_bug.cgi?id=196481
http://www.mozilla.org/security/announce/2007/mfsa2007-29.html
https://bugzilla.mozilla.org/buglist.cgi?bug_id=309322%2C330563%2C341858%2C344064%2C348126%2C354645%2C361745%2C362901%2C378670%2C378682%2C379799%2C382376%2C384105%2C386382%2C386914%2C387033%2C387460%2C387844%2C391974%2C392285%2C393770%2C394014%2C394418
https://issues.rpath.com/browse/RPL-1858
https://issues.rpath.com/browse/RPL-1884
mozilla-multiple-browser-code-execution(37281)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37281
oval:org.mitre.oval:def:10459
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10459
Common Vulnerability Exposure (CVE) ID: CVE-2007-5340
VU#755513
http://www.kb.cert.org/vuls/id/755513
https://bugzilla.mozilla.org/buglist.cgi?bug_id=372309%2C387955%2C390078%2C393537
mozilla-multiple-java-code-execution(37282)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37282
oval:org.mitre.oval:def:9622
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9622
Copyright: Copyright (C) 2008 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.