English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.72564
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-2569-1)
Summary:The remote host is missing an update for the Debian 'icedove' package(s) announced via the DSA-2569-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'icedove' package(s) announced via the DSA-2569-1 advisory.

Vulnerability Insight:
Multiple vulnerabilities have been discovered in Icedove, Debian's version of the Mozilla Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2012-3982

Multiple unspecified vulnerabilities in the browser engine allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2012-3986

Icedove does not properly restrict calls to DOMWindowUtils methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.

CVE-2012-3990

A Use-after-free vulnerability in the IME State Manager implementation allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function.

CVE-2012-3991

Icedove does not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.

CVE-2012-4179

A use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2012-4180

A heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2012-4182

A use-after-free vulnerability in the nsTextEditRules::WillInsert function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2012-4186

A heap-based buffer overflow in the nsWav-eReader::DecodeAudioData function allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2012-4188

A heap-based buffer overflow in the Convolve3x3 function allows remote attackers to execute arbitrary code via unspecified vectors.

For the stable distribution (squeeze), these problems have been fixed in version 3.0.11-1+squeeze14.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 10.0.9-1.

We recommend that you upgrade your icedove packages.

Affected Software/OS:
'icedove' package(s) on Debian 6.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-3982
BugTraq ID: 55924
http://www.securityfocus.com/bid/55924
Debian Security Information: DSA-2565 (Google Search)
http://www.debian.org/security/2012/dsa-2565
Debian Security Information: DSA-2569 (Google Search)
http://www.debian.org/security/2012/dsa-2569
Debian Security Information: DSA-2572 (Google Search)
http://www.debian.org/security/2012/dsa-2572
http://www.mandriva.com/security/advisories?name=MDVSA-2012:163
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16612
RedHat Security Advisories: RHSA-2012:1351
http://rhn.redhat.com/errata/RHSA-2012-1351.html
http://secunia.com/advisories/50856
http://secunia.com/advisories/50892
http://secunia.com/advisories/50904
http://secunia.com/advisories/50935
http://secunia.com/advisories/50936
http://secunia.com/advisories/50984
http://secunia.com/advisories/51181
http://secunia.com/advisories/55318
SuSE Security Announcement: SUSE-SU-2012:1351 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html
http://www.ubuntu.com/usn/USN-1611-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-3986
BugTraq ID: 55922
http://www.securityfocus.com/bid/55922
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16834
Common Vulnerability Exposure (CVE) ID: CVE-2012-3990
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16642
XForce ISS Database: firefox-nsicontent-code-exec(79172)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79172
Common Vulnerability Exposure (CVE) ID: CVE-2012-3991
BugTraq ID: 55930
http://www.securityfocus.com/bid/55930
http://osvdb.org/86098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16646
Common Vulnerability Exposure (CVE) ID: CVE-2012-4179
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16882
XForce ISS Database: firefox-createcsspropertytxn-code-exec(79157)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79157
Common Vulnerability Exposure (CVE) ID: CVE-2012-4180
http://osvdb.org/86099
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16428
XForce ISS Database: firefox-isprevcharinnode-bo(79158)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79158
Common Vulnerability Exposure (CVE) ID: CVE-2012-4182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16191
XForce ISS Database: firefox-nstexteditrules-code-exec(79160)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79160
Common Vulnerability Exposure (CVE) ID: CVE-2012-4186
http://osvdb.org/86117
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16193
XForce ISS Database: firefox-nswavereader-bo(79163)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79163
Common Vulnerability Exposure (CVE) ID: CVE-2012-4188
http://osvdb.org/86096
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16964
XForce ISS Database: firefox-convolve3x3-bo(79165)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79165
CopyrightCopyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.