Debian: DSA-2572-1: iceape security update

    Date: 04 Nov 2012
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-2572-1
    http://www.debian.org/security/                           Thijs Kinkhorst
    November 4, 2012                       http://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : iceape
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2012-3982 CVE-2012-3986 CVE-2012-3990 CVE-2012-3991 
                     CVE-2012-4179 CVE-2012-4180 CVE-2012-4182 CVE-2012-4186
                     CVE-2012-4188
    
    Several vulnerabilities have been discovered in Iceape, an internet
    suite based on Seamonkey:
    
    CVE-2012-3982
            Multiple unspecified vulnerabilities in the browser engine
            allow remote attackers to cause a denial of service (memory
            corruption and application crash) or possibly execute
            arbitrary code via unknown vectors.
    
    CVE-2012-3986
            Icedove does not properly restrict calls to DOMWindowUtils
            methods, which allows remote attackers to bypass intended
            access restrictions via crafted JavaScript code.
    
    CVE-2012-3990
            A use-after-free vulnerability in the IME State Manager
            implementation allows remote attackers to execute arbitrary
            code via unspecified vectors, related to the
            nsIContent::GetNameSpaceID function.
    
    CVE-2012-3991
            Icedove does not properly restrict JSAPI access to the
            GetProperty function, which allows remote attackers to bypass
            the Same Origin Policy and possibly have unspecified other
            impact via a crafted web site.
    
    CVE-2012-4179
            A use-after-free vulnerability in the
            nsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote
            attackers to execute arbitrary code or cause a denial of
            service (heap memory corruption) via unspecified vectors.
    
    CVE-2012-4180
            A heap-based buffer overflow in the
            nsHTMLEditor::IsPrevCharInNodeWhitespace function allows
            remote attackers to execute arbitrary code via unspecified
            vectors.
    
    CVE-2012-4182
            A use-after-free vulnerability in the
            nsTextEditRules::WillInsert function allows remote attackers
            to execute arbitrary code or cause a denial of service (heap
            memory corruption) via unspecified vectors.
    
    CVE-2012-4186
            A heap-based buffer overflow in the
            nsWaveReader::DecodeAudioData function allows remote attackers
            to execute arbitrary code via unspecified vectors.
    
    CVE-2012-4188
            A heap-based buffer overflow in the Convolve3x3 function
            allows remote attackers to execute arbitrary code via
            unspecified vectors.
    
    Additionally, this update fixes a regression in the patch for
    CVE-2012-3959, released in DSA-2554-1.
    
    For the stable distribution (squeeze), these problems have been fixed in
    version 2.0.11-16.
    
    For the testing distribution (wheezy), these problems have been fixed in
    version 10.0.10esr-1.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 10.0.10esr-1.
    
    We recommend that you upgrade your iceape packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/
    