-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2569-1 security@debian.org http://www.debian.org/security/ Florian Weimer October 29, 2012 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : icedove Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2012-3982 CVE-2012-3986 CVE-2012-3990 CVE-2012-3991 CVE-2012-4179 CVE-2012-4180 CVE-2012-4182 CVE-2012-4186 CVE-2012-4188 Multiple vulnerabilities have been discovered in Icedove, Debian's version of the Mozilla Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-3982 Multiple unspecified vulnerabilities in the browser engine allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-3986 Icedove does not properly restrict calls to DOMWindowUtils methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code. CVE-2012-3990 A Use-after-free vulnerability in the IME State Manager implementation allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. CVE-2012-3991 Icedove does not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. CVE-2012-4179 A use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4180 A heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function allows remote attackers to execute arbitrary code via unspecified vectors. CVE-2012-4182 A use-after-free vulnerability in the nsTextEditRules::WillInsert function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4186 A heap-based buffer overflow in the nsWav-eReader::DecodeAudioData function allows remote attackers to execute arbitrary code via unspecified vectors. CVE-2012-4188 A heap-based buffer overflow in the Convolve3x3 function allows remote attackers to execute arbitrary code via unspecified vectors. For the stable distribution (squeeze), these problems have been fixed in version 3.0.11-1+squeeze14. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 10.0.9-1. We recommend that you upgrade your icedove packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQju5FAAoJEL97/wQC1SS+7rYH/2ayLRJIwq5SxtlfOPETsoJL 6Aun6aXvq+2JckDfBRvkcn+4vRYP8TpAgWtkvSA8cB3+AbYqM1UsVXtdLabq6E8y vHj28EXcyER2v7QflJqEXgf5IAa+jXAux/Fzwbi2YR6bB0ubwnvyg7JzrRdRJRFF ZbQy8wRk0ilHnJ2u1vzTKDIlRZFklIlAzvgscw3X+NPLKRmzzgu3A5YeQrV8DOYi MbKtkm9smEHGGj2oNujewoY/47lutdxlkkeyalVvmyrZafHiygQy7mOgVB73l+El seAgrrxn5pjL47egMbM/R300BlbpnFKlzZN5RkB8/QLTCED4ooRCUYnWykMjnmo= =h0EX -----END PGP SIGNATURE-----