Debian: DSA-2720-1 Moderate: Icedove Several Remote Risks

Multiple security issues have been found in Icedove, Debian's version
of the Mozilla Thunderbird mail and news client. Multiple memory safety
errors, use-after-free vulnerabilities, missing permission checks, incorrect
memory handling and other implementaton errors may lead to the execution
of arbitrary code, privilege escalation, information disclosure or
cross-site request forgery.

As already announced for Iceweasel: We're changing the approach for
security updates for Icedove in stable-security: Instead of
backporting security fixes, we now provide releases based on the
Extended Support Release branch. As such, this update introduces
packages based on Thunderbird 17 and at some point in the future we
will switch to the next ESR branch once ESR 17 has reached it's end
of life.

Some Icedove extensions currently packaged in the Debian archive are
not compatible with the new browser engine. Up-to-date and compatible
versions can be retrieved from https://addons.mozilla.org/en-US/firefox/ as ...