DSA-2025 icedove -- several vulnerabilities
ID: oval:org.mitre.oval:def:6699 | Date: (C)2010-05-24 (M)2024-02-19 |
Class: PATCH | Family: unix |
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a "\0" character in a domain name in the subject's Common Name field of an X.509 certificate. Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. monarch2020 discovered an integer overflow in a base64 decoding function. Josh Soref discovered a crash in the BinHex decoder. Carsten Book reported a crash in the JavaScript engine. Ludovic Hirlimann reported a crash when indexing some messages with attachments, which could lead to the execution of arbitrary code.