Test ID: 1.3.6.1.4.1.25623.1.0.702406
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2406-1 (icedove - several vulnerabilities)
Description:
Summary:
Several vulnerabilities have been discovered in Icedove, Debian's
variant of the Mozilla Thunderbird code base.

CVE-2011-3670: Icedove does not properly enforce the IPv6 literal address
syntax, which allows remote attackers to obtain sensitive
information by making XMLHttpRequest calls through a proxy and
reading the error messages.

CVE-2012-0442: Memory corruption bugs could cause Icedove to crash or
possibly execute arbitrary code.

CVE-2012-0444: Icedove does not properly initialize nsChildView data
structures, which allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly
execute arbitrary code via a crafted Ogg Vorbis file.

CVE-2012-0449: Icedove allows remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via a malformed XSLT stylesheet that is
embedded in a document.

Affected Software/OS:
icedove on Debian Linux

Solution:
For the stable distribution (squeeze), this problem has been fixed in
version 3.0.11-1+squeeze7.

We recommend that you upgrade your icedove packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-0449
BugTraq ID: 51754
http://www.securityfocus.com/bid/51754
Debian Security Information: DSA-2400
http://www.debian.org/security/2012/dsa-2400
Debian Security Information: DSA-2402
http://www.debian.org/security/2012/dsa-2402
Debian Security Information: DSA-2406
http://www.debian.org/security/2012/dsa-2406
http://www.mandriva.com/security/advisories?name=MDVSA-2012:013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14618
SuSE Security Announcement: SUSE-SU-2012:0198
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html
SuSE Security Announcement: SUSE-SU-2012:0221
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html
SuSE Security Announcement: openSUSE-SU-2012:0234
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html
XForce ISS Database: mozilla-xsltstylesheets-code-execution(72868)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72868
Common Vulnerability Exposure (CVE) ID: CVE-2012-0442
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14678
Common Vulnerability Exposure (CVE) ID: CVE-2011-3670
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14814
Common Vulnerability Exposure (CVE) ID: CVE-2012-0444
BugTraq ID: 51753
http://www.securityfocus.com/bid/51753
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14464
http://secunia.com/advisories/48043
http://secunia.com/advisories/48095
http://www.ubuntu.com/usn/USN-1370-1
XForce ISS Database: mozilla-nschildview-code-exec(72858)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72858
Copyright: Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

© 1998-2020 E-Soft Inc. All rights reserved.