DSA-2489-1 iceape -- several vulnerabilitiesID: oval:org.secpod.oval:def:600829 | Date: (C)2012-06-21 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey. CVE-2012-1937 Mozilla developers discovered several memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2012-1940 Abhishek Arya discovered a use-after-free problem when working with column layout with absolute positioning in a container that changes size, which may lead to the execution of arbitrary code. CVE-2012-1947 Abhishek Arya discovered a heap buffer overflow in utf16 to latin1 character set conersion, allowing to execute arbitray code.