Security Information / 2012 / Security Information -- DSA-2569-1 icedove

Debian Security Advisory

DSA-2569-1 icedove -- several vulnerabilities

Date Reported:

29 Oct 2012

Affected Packages:

icedove

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-3982, CVE-2012-3986, CVE-2012-3990, CVE-2012-3991, CVE-2012-4179, CVE-2012-4180, CVE-2012-4182, CVE-2012-4186, CVE-2012-4188.

More information:

Multiple vulnerabilities have been discovered in Icedove, Debian's version of the Mozilla Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems:

• CVE-2012-3982

  Multiple unspecified vulnerabilities in the browser engine allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

• CVE-2012-3986

  Icedove does not properly restrict calls to DOMWindowUtils methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.

• CVE-2012-3990

  A Use-after-free vulnerability in the IME State Manager implementation allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function.

• CVE-2012-3991

  Icedove does not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.

• CVE-2012-4179

  A use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

• CVE-2012-4180

  A heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function allows remote attackers to execute arbitrary code via unspecified vectors.

• CVE-2012-4182

  A use-after-free vulnerability in the nsTextEditRules::WillInsert function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

• CVE-2012-4186

  A heap-based buffer overflow in the nsWav-eReader::DecodeAudioData function allows remote attackers to execute arbitrary code via unspecified vectors.

• CVE-2012-4188

  A heap-based buffer overflow in the Convolve3x3 function allows remote attackers to execute arbitrary code via unspecified vectors.

For the stable distribution (squeeze), these problems have been fixed in version 3.0.11-1+squeeze14.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 10.0.9-1.

We recommend that you upgrade your icedove packages.