Several vulnerabilities were discovered in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client. CVE-2012-1948 Multiple unspecified vulnerabilities in the browser engine were fixed. CVE-2012-1950 The underlying browser engine allows address bar spoofing through drag-and-drop. CVE-2012-1954 A use-after-free vulnerability in the nsDocument::AdoptNode function allows remote attackers to cause a denial of service or possibly execute arbitrary code. CVE-2012-1967 An error in the implementation of the Javascript sandbox allows execution of Javascript code with improper privileges using javascript: URLs.