Debian: DSA-2187-1 Moderate: Icedove Remote Code Execution
debian
March 9, 2011
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client
Summary
Several vulnerabilities have been discovered in Icedove, an unbranded
version of the Thunderbird mail/news client.
CVE-2010-1585
Roberto Suggi Liverani discovered that the sanitising performed by
ParanoidFragmentSink was incomplete.
CVE-2011-0053
Crashes in the layout engine may lead to the execution of arbitrary
code.
CVE-2011-0051
Zach Hoffmann discovered that incorrect parsing of recursive eval()
calls could lead to attackers forcing acceptance of a confirmation
dialogue.
CVE-2011-0054, CVE-2010-0056
Christian Holler discovered buffer overflows in the Javascript engine,
which could allow the execution of arbitrary code.
CVE-2011-0055
"regenrecht" and Igor Bukanov discovered a use-after-free error in the
JSON-Implementation, which could lead to the execution of arbitrary code.
CVE-2011-0057
Daniel Kozlowski discovered that incorrect memory handling the web workers implementation could lead to the execution of arbitrary code.
CVE-2011-0059
Peleus Uhley discovere...
PREVIOUS
NEXT
Package: icedove
CVE ID: CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!