
Test ID:
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2025-1 (icedove)
The remote host is missing an update to icedove
announced via advisory DSA 2025-1.

Several remote vulnerabilities have been discovered in the Icedove
mail client, an unbranded version of the Thunderbird mail client. The
Common Vulnerabilities and Exposures project identifies the following


Dan Kaminsky and Moxie Marlinspike discovered that icedove does not
properly handle a '\0' character in a domain name in the subject's
Common Name (CN) field of an X.509 certificate (MFSA 2009-42).


Moxie Marlinspike reported a heap overflow vulnerability in the code
that handles regular expressions in certificate names (MFSA 2009-43).


monarch2020 discovered an integer overflow in a base64 decoding function
(MFSA 2010-07).


Josh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).


Carsten Book reported a crash in the JavaScript engine (MFSA 2010-07).


Ludovic Hirlimann reported a crash indexing some messages with
attachments, which could lead to the execution of arbitrary code
(MFSA 2010-07).

For the stable distribution (lenny), these problems have been fixed in

Due to a problem with the archive system it is not possible to release
all architectures. The missing architectures will be installed into the
archive once they become available.

For the testing distribution (squeeze) and the unstable distribution (sid),
these problems will be fixed soon.

We recommend that you upgrade your icedove packages.


CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-2408
Debian Security Information: DSA-1874
SuSE Security Announcement: SUSE-SA:2009:048
SuSE Security Announcement: SUSE-SR:2009:018
Common Vulnerability Exposure (CVE) ID: CVE-2009-2404
BugTraq ID: 35891
Cert/CC Advisory: TA10-103B
RedHat Security Advisories: RHSA-2009:1185
Common Vulnerability Exposure (CVE) ID: CVE-2009-2463
BugTraq ID: 35758
RedHat Security Advisories: RHSA-2009:1162
RedHat Security Advisories: RHSA-2009:1163
SuSE Security Announcement: SUSE-SA:2009:039
SuSE Security Announcement: SUSE-SA:2009:042
SuSE Security Announcement: SUSE-SR:2010:013
Common Vulnerability Exposure (CVE) ID: CVE-2009-3072
BugTraq ID: 36343
Debian Security Information: DSA-1885
Common Vulnerability Exposure (CVE) ID: CVE-2009-3075
XForce ISS Database: mozilla-javascript-engine-code-exec(53158)
Common Vulnerability Exposure (CVE) ID: CVE-2010-0163
BugTraq ID: 38831
XForce ISS Database: thunderbird-messages-dos(56993)
Copyright: Copyright (c) 2010 E-Soft Inc.
