Test ID:	1.3.6.1.4.1.25623.1.0.71824
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2528-1)
Summary:	The remote host is missing an update for the Debian 'icedove' package(s) announced via the DSA-2528-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'icedove' package(s) announced via the DSA-2528-1 advisory. Vulnerability Insight: Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. CVE-2012-1948 Multiple unspecified vulnerabilities in the browser engine were fixed. CVE-2012-1950 The underlying browser engine allows address bar spoofing through drag-and-drop. CVE-2012-1954 A use-after-free vulnerability in the nsDocument::AdoptNode function allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code. CVE-2012-1967 An error in the implementation of the JavaScript sandbox allows execution of JavaScript code with improper privileges using javascript: URLs. For the stable distribution (squeeze), these problems have been fixed in version 3.0.11-1+squeeze12. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 10.0.6-1. We recommend that you upgrade your icedove packages. Affected Software/OS: 'icedove' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1948 BugTraq ID: 54580 http://www.securityfocus.com/bid/54580 Debian Security Information: DSA-2514 (Google Search) http://www.debian.org/security/2012/dsa-2514 Debian Security Information: DSA-2528 (Google Search) http://www.debian.org/security/2012/dsa-2528 http://osvdb.org/84007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16744 RedHat Security Advisories: RHSA-2012:1088 http://rhn.redhat.com/errata/RHSA-2012-1088.html http://www.securitytracker.com/id?1027256 http://www.securitytracker.com/id?1027257 http://www.securitytracker.com/id?1027258 http://secunia.com/advisories/49963 http://secunia.com/advisories/49964 http://secunia.com/advisories/49965 http://secunia.com/advisories/49968 http://secunia.com/advisories/49972 http://secunia.com/advisories/49977 http://secunia.com/advisories/49979 http://secunia.com/advisories/49992 http://secunia.com/advisories/49993 http://secunia.com/advisories/49994 SuSE Security Announcement: SUSE-SU-2012:0895 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html SuSE Security Announcement: SUSE-SU-2012:0896 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html SuSE Security Announcement: openSUSE-SU-2012:0899 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html SuSE Security Announcement: openSUSE-SU-2012:0917 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html http://www.ubuntu.com/usn/USN-1509-1 http://www.ubuntu.com/usn/USN-1509-2 http://www.ubuntu.com/usn/USN-1510-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-1950 http://osvdb.org/84008 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16970 Common Vulnerability Exposure (CVE) ID: CVE-2012-1954 BugTraq ID: 54578 http://www.securityfocus.com/bid/54578 http://osvdb.org/83995 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16984 Common Vulnerability Exposure (CVE) ID: CVE-2012-1967 BugTraq ID: 54573 http://www.securityfocus.com/bid/54573 http://osvdb.org/84013 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17025
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.