DSA-2528-1 icedove -- severalID: oval:org.secpod.oval:def:600868 | Date: (C)2012-08-24 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client. CVE-2012-1948 Multiple unspecified vulnerabilities in the browser engine were fixed. CVE-2012-1950 The underlying browser engine allows address bar spoofing through drag-and-drop. CVE-2012-1954 A use-after-free vulnerability in the nsDocument::AdoptNode function allows remote attackers to cause a denial of service or possibly execute arbitrary code. CVE-2012-1967 An error in the implementation of the Javascript sandbox allows execution of Javascript code with improper privileges using javascript: URLs.