Test ID: 1.3.6.1.4.1.25623.1.0.702458
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2458-2 (iceape - several vulnerabilities)
Description:
Summary:
Several vulnerabilities have been found in the Iceape internet suite,
an unbranded version of Seamonkey:

CVE-2012-0455: Soroush Dalili discovered that a cross-site scripting countermeasure
related to JavaScript URLs could be bypassed.

CVE-2012-0456: Atte Kettunen discovered an out of bounds read in the SVG Filters,
resulting in memory disclosure.

CVE-2012-0458: Mariusz Mlynski discovered that privileges could be escalated through
a JavaScript URL as the home page.

CVE-2012-0461: Bob Clary discovered memory corruption bugs, which may lead to the
execution of arbitrary code.

CVE-2012-0467: Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary
Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward,
and Olli Pettay discovered memory corruption bugs, which may lead
to the execution of arbitrary code.

CVE-2012-0470: Atte Kettunen discovered that a memory corruption bug in
gfxImageSurface may lead to the execution of arbitrary code.

CVE-2012-0471: Anne van Kesteren discovered that incorrect multibyte character
encoding may lead to cross-site scripting.

CVE-2012-0477: Masato Kinugawa discovered that incorrect encoding of
Korean and Chinese character sets may lead to cross-site scripting.

CVE-2012-0479: Jeroen van der Gun discovered a spoofing vulnerability in the
presentation of Atom and RSS feeds over HTTPS.

Affected Software/OS:
iceape on Debian Linux

Solution:
For the stable distribution (squeeze), this problem has been fixed in
version 2.0.11-12.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your iceape packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-0477
BugTraq ID: 53229
http://www.securityfocus.com/bid/53229
Debian Security Information: DSA-2457
http://www.debian.org/security/2012/dsa-2457
Debian Security Information: DSA-2458
http://www.debian.org/security/2012/dsa-2458
Debian Security Information: DSA-2464
http://www.debian.org/security/2012/dsa-2464
http://www.mandriva.com/security/advisories?name=MDVSA-2012:066
http://www.mandriva.com/security/advisories?name=MDVSA-2012:081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16889
http://secunia.com/advisories/48920
http://secunia.com/advisories/48922
http://secunia.com/advisories/48972
http://secunia.com/advisories/49047
http://secunia.com/advisories/49055
XForce ISS Database: firefox-iso2022kr-xss(75154)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75154
Common Vulnerability Exposure (CVE) ID: CVE-2012-0458
BugTraq ID: 52460
http://www.securityfocus.com/bid/52460
Debian Security Information: DSA-2433
http://www.debian.org/security/2012/dsa-2433
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122
RedHat Security Advisories: RHSA-2012:0387
http://rhn.redhat.com/errata/RHSA-2012-0387.html
RedHat Security Advisories: RHSA-2012:0388
http://rhn.redhat.com/errata/RHSA-2012-0388.html
http://www.securitytracker.com/id?1026801
http://www.securitytracker.com/id?1026803
http://www.securitytracker.com/id?1026804
http://secunia.com/advisories/48359
http://secunia.com/advisories/48402
http://secunia.com/advisories/48414
http://secunia.com/advisories/48495
http://secunia.com/advisories/48496
http://secunia.com/advisories/48513
http://secunia.com/advisories/48553
http://secunia.com/advisories/48561
http://secunia.com/advisories/48624
http://secunia.com/advisories/48629
http://secunia.com/advisories/48823
SuSE Security Announcement: SUSE-SU-2012:0424
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
SuSE Security Announcement: SUSE-SU-2012:0425
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
SuSE Security Announcement: openSUSE-SU-2012:0417
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
http://www.ubuntu.com/usn/USN-1400-1
http://www.ubuntu.com/usn/USN-1400-2
http://www.ubuntu.com/usn/USN-1400-3
http://www.ubuntu.com/usn/USN-1400-4
http://www.ubuntu.com/usn/USN-1400-5
http://www.ubuntu.com/usn/USN-1401-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-0471
BugTraq ID: 53219
http://www.securityfocus.com/bid/53219
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16961
Common Vulnerability Exposure (CVE) ID: CVE-2012-0479
BugTraq ID: 53224
http://www.securityfocus.com/bid/53224
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17011
XForce ISS Database: firefox-rss-spoofing(75156)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75156
Common Vulnerability Exposure (CVE) ID: CVE-2012-0455
BugTraq ID: 52458
http://www.securityfocus.com/bid/52458
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14829
Common Vulnerability Exposure (CVE) ID: CVE-2012-0456
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15007
Common Vulnerability Exposure (CVE) ID: CVE-2012-0461
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15009
Common Vulnerability Exposure (CVE) ID: CVE-2012-0470
BugTraq ID: 53225
http://www.securityfocus.com/bid/53225
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16989
Common Vulnerability Exposure (CVE) ID: CVE-2012-0467
BugTraq ID: 53223
http://www.securityfocus.com/bid/53223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17074
Copyright: Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net
