Several vulnerabilities have been discovered in Icedove, Debian"s variant of the Mozilla Thunderbird code base. CVE-2011-3670 Icedove does not not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. CVE-2012-0442 Memory corruption bugs could cause Icedove to crash or possibly execute arbitrary code. CVE-2012-0444 Icedove does not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Ogg Vorbis file. CVE-2012-0449 Icedove allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document