
Debian: DSA-2569-1 Critical: Icedove Mail Client Remote Threats

October 29, 2012
Several vulnerabilities discovered in Icedove, Debian's version of the Mozilla Thunderbird mail client, expose users to remote exploitation.

Summary

Multiple vulnerabilities have been discovered in Icedove, Debian's
version of the Mozilla Thunderbird mail client. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2012-3982
Multiple unspecified vulnerabilities in the browser engine
allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute
arbitrary code via unknown vectors.

CVE-2012-3986
Icedove does not properly restrict calls to DOMWindowUtils
methods, which allows remote attackers to bypass intended
access restrictions via crafted JavaScript code.

CVE-2012-3990
A use-after-free vulnerability in the IME State Manager
implementation allows remote attackers to execute arbitrary
code via unspecified vectors, related to the
nsIContent::GetNameSpaceID function.

CVE-2012-3991
Icedove does not properly restrict JSAPI access to the
GetProperty function, which allows remote attackers to bypass
the Same Origin Policy and possibly have uns...


Severity: critical

Package: icedove
CVE ID: CVE-2012-3982 CVE-2012-3986 CVE-2012-3990 CVE-2012-3991
