
Debian: DSA-2588-1 Critical: Icedove Email Client Remote Attacks

December 16, 2012
Several flaws in the Icedove email client, including memory-corruption bugs that could allow remote code execution, call for immediate patching.

Summary

Multiple vulnerabilities have been found in Icedove, Debian's version
of the Mozilla Thunderbird mail and news client.

CVE-2012-4201
The evalInSandbox implementation uses an incorrect context during
the handling of JavaScript code that sets the location.href
property, which allows remote attackers to conduct cross-site
scripting (XSS) attacks or read arbitrary files by leveraging a
sandboxed add-on.

CVE-2012-4207
The HZ-GB-2312 character-set implementation does not properly handle
a ~ (tilde) character in proximity to a chunk delimiter, which
allows remote attackers to conduct cross-site scripting (XSS)
attacks via a crafted document.

CVE-2012-4216
Use-after-free vulnerability in the gfxFont::GetFontEntry function
allows remote attackers to execute arbitrary code or cause a denial
of service (heap memory corruption) via unspecified vectors.

CVE-2012-5829
Heap-based buffer overflow in the nsWindow::OnExposeEvent function could
allow remote attackers to execute arbitrary code.

...


Severity: critical

Package: icedove
CVE ID: CVE-2012-4201 CVE-2012-4207 CVE-2012-4216 CVE-2012-5829
