
Debian: DSA-1696-1 Critical Icedove Remote Code Execution Issue

January 7, 2009
Vulnerabilities have been disclosed in the Icedove email client. Users are advised to update to fix them.

Summary

Several remote vulnerabilities have been discovered in the Icedove
mail client, an unbranded version of the Thunderbird mail client. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2008-0016

Justin Schuh, Tom Cross and Peter Williams discovered a buffer
overflow in the parser for UTF-8 URLs, which may lead to the execution
of arbitrary code. (MFSA 2008-37)

CVE-2008-1380

It was discovered that crashes in the JavaScript engine could
potentially lead to the execution of arbitrary code. (MFSA 2008-20)

CVE-2008-3835

"moz_bug_r_a4" discovered that the same-origin check in
nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38)

CVE-2008-4058

"moz_bug_r_a4" discovered a vulnerability which can result in
Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)

CVE-2008-4059

"moz_bug_r_a4" discovered a vulnerability which can result in
Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)

CVE-2008...

Severity: critical

Package: icedove
CVE ID: CVE-2008-0016 CVE-2008-1380 CVE-2008-3835 CVE-2008-4058
