logo
DATABASE RESOURCES PRICING ABOUT US

Debian DSA-1574-1 : icedove - several vulnerabilities

Description

# This shares a lot of text with dsa-1532.wml, dsa-1534.wml, dsa-1535.wml Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-1233 'moz_bug_r_a4' discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper. - CVE-2008-1234 'moz_bug_r_a4' discovered that insecure handling of event handlers could lead to cross-site scripting. - CVE-2008-1235 Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4' discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code. - CVE-2008-1236 Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2008-1237 'georgi', 'tgirmann' and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.


Related