DebianDEBIAN:BSA-038:680C5[BSA-038] Security Update for icedove
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.957 High
EPSS
Percentile
99.4%
Christoph Göhre uploaded new packages for icedove which fixed the following
security problems:
CVE-2011-0083
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in
the implementation of SVG element lists allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary code via
vectors involving a user-supplied callback.
CVE-2011-0085
Use-after-free vulnerability in the nsXULCommandDispatcher function allows
remote attackers to execute arbitrary code via a crafted XUL document that
dequeues the current command updater.
CVE-2011-2362
Icedove do not distinguish between cookies for two domain names that differ
only in a trailing dot, which allows remote web servers to bypass the Same
Origin Policy via Set-Cookie headers.
CVE-2011-2363
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in
the implementation of SVG element lists allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary code via
vectors involving a user-supplied callback.
CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2376
Unspecified vulnerability allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code.
CVE-2011-2371
Integer overflow in the Array.reduceRight method allows remote attackers to
execute arbitrary code via vectors involving a long JavaScript Array object.
CVE-2011-2373
Use-after-free vulnerability allows remote attackers to execute arbitrary
code via a crafted XUL document.
CVE-2011-2377
Allow remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via a
multipart/x-mixed-replace image.
For the squeeze-backports distribution, this problem have been fixed in
version 3.1.11-1~bpo60+1.
For the testing distribution (wheezy), this problem has been fixed in
version 3.1.11-1.
For the unstable distribution (sid), this problem has been fixed in
version 3.1.11-1.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | amd64 | icedove | < 3.1.11-1 | icedove_3.1.11-1_amd64.deb |
| Debian | 7 | sh4 | icedove-dev | < 3.1.11-1 | icedove-dev_3.1.11-1_sh4.deb |
| Debian | 999 | s390x | icedove-dev | < 3.1.11-1 | icedove-dev_3.1.11-1_s390x.deb |
| Debian | 999 | amd64 | icedove | < 3.1.11-1 | icedove_3.1.11-1_amd64.deb |
| Debian | 7 | hurd-i386 | icedove | < 3.1.11-1 | icedove_3.1.11-1_hurd-i386.deb |
| Debian | 7 | s390 | icedove-dbg | < 3.1.11-1 | icedove-dbg_3.1.11-1_s390.deb |
| Debian | 7 | all | icedove | < 3.1.11-1 | icedove_3.1.11-1_all.deb |
| Debian | 999 | mips | icedove-dev | < 3.1.11-1 | icedove-dev_3.1.11-1_mips.deb |
| Debian | 7 | sh4 | icedove | < 3.1.11-1 | icedove_3.1.11-1_sh4.deb |
| Debian | 7 | kfreebsd-i386 | icedove | < 3.1.11-1 | icedove_3.1.11-1_kfreebsd-i386.deb |
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.957 High
EPSS
Percentile
99.4%