icedove - several vulnerabilities

ID: OSV:DSA-1485-2
Type: osv
Published: 2008-02-10 00:00:00
Source: Google (osv.dev)

CVSS2: 9.3 High

  Access Vector:          NETWORK
  Access Complexity:      MEDIUM
  Authentication:         NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact:       COMPLETE
  Availability Impact:    COMPLETE
  Vector:                 AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.152 Low (Percentile: 95.1%)

Several remote vulnerabilities have been discovered in the Icedove mail
client, an unbranded version of the Thunderbird client. The Common
Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2008-0412
    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul
    Nickerson discovered crashes in the layout engine, which might allow
    the execution of arbitrary code.
  • CVE-2008-0413
    Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,
    Philip Taylor and tgirmann discovered crashes in the JavaScript
    engine, which might allow the execution of arbitrary code.
  • CVE-2008-0415
    moz_bug_r_a4 and Boris Zbarsky discovered several
    vulnerabilities in JavaScript handling, which could allow
    privilege escalation.
  • CVE-2008-0418
    Gerry Eisenhaur and moz_bug_r_a4 discovered that a directory
    traversal vulnerability in chrome: URI handling could lead to
    information disclosure.
  • CVE-2008-0419
    David Bloom discovered a race condition in the image handling of
    designMode elements, which can lead to information disclosure and
    potentially the execution of arbitrary code.
  • CVE-2008-0591
    Michal Zalewski discovered that timers protecting security-sensitive
    dialogs (by disabling dialog elements until a timeout is reached)
    could be bypassed by window focus changes through JavaScript.

The Mozilla products from the old stable distribution (sarge) are no
longer supported with security updates.

For the stable distribution (etch), these problems have been fixed in
version 1.5.0.13+1.5.0.15b.dfsg1-0etch2.

We recommend that you upgrade your icedove packages.
