
Debian: DSA-2273-1 Critical: Icedove Remote Code Execution Problem

July 6, 2011
Multiple vulnerabilities in Icedove have been fixed, improving user safety. An upgrade is recommended.

Summary

Several vulnerabilities have been discovered in Icedove, an unbranded
version of the Thunderbird mail/news client.

CVE-2011-0083 / CVE-2011-2363

"regenrecht" discovered two use-after-frees in SVG processing,
which could lead to the execution of arbitrary code.

CVE-2011-0085

"regenrecht" discovered a use-after-free in XUL processing, which
could lead to the execution of arbitrary code.

CVE-2011-2362

David Chan discovered that cookies were insufficiently isolated.

CVE-2011-2371

Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the
JavaScript engine, which could lead to the execution of arbitrary
code.

CVE-2011-2373

Martin Barbella discovered a use-after-free in XUL processing,
which could lead to the execution of arbitrary code.

CVE-2011-2374

Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and
Christian Biesinger discovered memory corruption bugs, which may
lead to the execution of arbitrary code.

CVE-2011-2376

Luke Wagner and Gary Kwong di...


Severity: critical

Package: icedove
CVE ID: CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363
