Debian: DSA-2528-1: icedove security update
Debian: DSA-2528-1: icedove security update
Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. CVE-2012-1948
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2528-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Florian Weimer August 14, 2012 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : icedove Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2012-1948 CVE-2012-1950 CVE-2012-1954 CVE-2012-1967 Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. CVE-2012-1948 Multiple unspecified vulnerabilities in the browser engine were fixed. CVE-2012-1950 The underlying browser engine allows address bar spoofing through drag-and-drop. CVE-2012-1954 A use-after-free vulnerability in the nsDocument::AdoptNode function allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code. CVE-2012-1967 An error in the implementation of the Javascript sandbox allows execution of Javascript code with improper privileges using javascript: URLs. For the stable distribution (squeeze), these problems have been fixed in version 3.0.11-1+squeeze12. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 10.0.6-1. We recommend that you upgrade your icedove packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.