Lucene search
Debian: Security Advisory (DSA-1485-2)
🗓️ 19 Mar 2008 00:00:00Reported by Copyright (C) 2008 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 17 Views
The remote host is missing an update for the Debian 'icedove' package(s) due to multiple remote vulnerabilities in the Icedove mail client, the unbranded version of the Thunderbird client
Show more
| Reporter | Title | Published | Views | Family All 199 |
|---|---|---|---|---|
 | [SECURITY] [DSA 1484-1] New xulrunner packages fix several vulnerabilities | 10 Feb 200820:23 | – | debian |
| [SECURITY] [DSA 1485-2] New icedove packages fix regression | 17 Mar 200820:39 | – | debian |
| [SECURITY] [DSA 1485-1] New icedove packages fix several vulnerabilities | 10 Feb 200820:39 | – | debian |
| [SECURITY] [DSA 1489-1] New iceweasel packages fix several vulnerabilities | 10 Feb 200820:46 | – | debian |
| [SECURITY] [DSA 1506-2] New iceape packages fix regression | 20 Mar 200801:41 | – | debian |
| [SECURITY] [DSA 1506-1] New iceape packages fix several vulnerabilities | 24 Feb 200812:30 | – | debian |
| Debian Security Advisory DSA 1485-1 (icedove) | 15 Feb 200800:00 | – | openvas |
| Debian Security Advisory DSA 1485-1 (icedove) | 15 Feb 200800:00 | – | openvas |
| Debian: Security Advisory (DSA-1489-1) | 15 Feb 200800:00 | – | openvas |
| Debian Security Advisory DSA 1484-1 (xulrunner) | 15 Feb 200800:00 | – | openvas |
10
| Source | Link |
|---|---|
| debian | www.debian.org/security/2008/DSA-1485-2 |
| security-tracker | www.security-tracker.debian.org/tracker/DSA-1485 |
# SPDX-FileCopyrightText: 2008 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.60575");
script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594");
script_tag(name:"creation_date", value:"2008-03-19 19:30:32 +0000 (Wed, 19 Mar 2008)");
script_version("2024-02-01T14:37:10+0000");
script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("Debian: Security Advisory (DSA-1485-2)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB4");
script_xref(name:"Advisory-ID", value:"DSA-1485-2");
script_xref(name:"URL", value:"https://www.debian.org/security/2008/DSA-1485-2");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-1485");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'icedove' package(s) announced via the DSA-1485-2 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0412
Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2008-0413
Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor and tgirmann discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.
CVE-2008-0415
moz_bug_r_a4 and Boris Zbarsky discovered several vulnerabilities in JavaScript handling, which could allow privilege escalation.
CVE-2008-0418
Gerry Eisenhaur and moz_bug_r_a4 discovered that a directory traversal vulnerability in chrome: URI handling could lead to information disclosure.
CVE-2008-0419
David Bloom discovered a race condition in the image handling of designMode elements, which can lead to information disclosure and potentially the execution of arbitrary code.
CVE-2008-0591
Michal Zalewski discovered that timers protecting security-sensitive dialogs (by disabling dialog elements until a timeout is reached) could be bypassed by window focus changes through JavaScript.
The Mozilla products from the old stable distribution (sarge) are no longer supported with security updates.
For the stable distribution (etch), these problems have been fixed in version 1.5.0.13+1.5.0.15b.dfsg1-0etch2.
We recommend that you upgrade your icedove packages.");
script_tag(name:"affected", value:"'icedove' package(s) on Debian 4.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB4") {
if(!isnull(res = isdpkgvuln(pkg:"icedove", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"icedove-dbg", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"icedove-dev", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"icedove-gnome-support", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"icedove-inspector", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"icedove-typeaheadfind", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mozilla-thunderbird", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mozilla-thunderbird-dev", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mozilla-thunderbird-inspector", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"mozilla-thunderbird-typeaheadfind", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"thunderbird", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"thunderbird-dbg", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"thunderbird-dev", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"thunderbird-gnome-support", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"thunderbird-inspector", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"thunderbird-typeaheadfind", ver:"1.5.0.13+1.5.0.15b.dfsg1-0etch2", rls:"DEB4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo19 Mar 2008 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS29.3
EPSS0.38662