DSA-2406-1 icedove -- severalID: oval:org.secpod.oval:def:600729 | Date: (C)2012-02-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in Icedove, Debian"s variant of the Mozilla Thunderbird code base. CVE-2011-3670 Icedove does not not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. CVE-2012-0442 Memory corruption bugs could cause Icedove to crash or possibly execute arbitrary code. CVE-2012-0444 Icedove does not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Ogg Vorbis file. CVE-2012-0449 Icedove allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document