Lucene search
GoogleOSV:DSA-2269-1HistoryJul 01, 2011 - 12:00 a.m.
iceape - several
2011-07-0100:00:00
Google
osv.dev
14
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.957 High
EPSS
Percentile
99.1%
Several vulnerabilities have been found in the Iceape internet suite, an
unbranded version of Seamonkey:
- CVE-2011-0083 /
CVE-2011-2363
regenrecht discovered two use-after-frees in SVG processing,
which could lead to the execution of arbitrary code. - CVE-2011-0085
regenrecht discovered a use-after-free in XUL processing, which
could lead to the execution of arbitrary code. - CVE-2011-2362
David Chan discovered that cookies were insufficiently isolated. - CVE-2011-2371
Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the
JavaScript engine, which could lead to the execution of arbitrary
code. - CVE-2011-2373
Martin Barbella discovered a use-after-free in XUL processing,
which could lead to the execution of arbitrary code. - CVE-2011-2374
Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and
Christian Biesinger discovered memory corruption bugs, which may
lead to the execution of arbitrary code. - CVE-2011-2376
Luke Wagner and Gary Kwong discovered memory corruption bugs, which
may lead to the execution of arbitrary code.
The oldstable distribution (lenny) is not affected. The iceape
package only provides the XPCOM code.
For the stable distribution (squeeze), this problem has been fixed in
version 2.0.11-6.
For the unstable distribution (sid), this problem has been fixed in
version 2.0.14-3.
We recommend that you upgrade your iceape packages.
References
Related
osv
osv
icedove - multiple issues
2011-07-06 00:00:00
iceweasel - several
2011-07-01 00:00:00
debian
debian
[BSA-040] Security Update for iceweasel
2011-07-04 19:21:10
[SECURITY] [DSA 2273-1] icedove security update
2011-07-06 18:48:11
[SECURITY] [DSA 2268-1] iceweasel security update
2011-07-01 19:48:11
openvas
openvas
Debian Security Advisory DSA 2268-1 (iceweasel)
2011-08-03 00:00:00
Debian Security Advisory DSA 2269-1 (iceape)
2011-08-03 00:00:00
Debian Security Advisory DSA 2273-1 (icedove)
2011-08-03 00:00:00
nessus
nessus
Debian DSA-2269-1 : iceape - several vulnerabilities
2011-07-05 00:00:00
Debian DSA-2273-1 : icedove - several vulnerabilities
2011-07-07 00:00:00
Debian DSA-2268-1 : iceweasel - several vulnerabilities
2011-07-05 00:00:00
suse
suse
MozillaThunderbird: Update to Thunderbird 3.1.11 (important)
2011-06-30 21:08:16
Security update for Mozilla Firefox (important)
2011-06-30 23:08:22
remote code execution in MozillaFirefox,MozillaThunderbird
2011-07-05 17:43:33
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2011-06-22 00:00:00
Thunderbird vulnerabilities
2011-07-15 00:00:00
Firefox regression
2011-06-29 00:00:00
redhat
redhat
(RHSA-2011:0887) Critical: thunderbird security update
2011-06-21 00:00:00
(RHSA-2011:0885) Critical: firefox security and bug fix update
2011-06-21 00:00:00
(RHSA-2011:0888) Critical: seamonkey security update
2011-06-21 00:00:00
centos
centos
thunderbird security update
2011-06-22 23:49:49
firefox, xulrunner security update
2011-06-22 23:42:39
seamonkey security update
2011-08-14 21:51:22
oraclelinux
oraclelinux
thunderbird security update
2011-06-21 00:00:00
seamonkey security update
2011-06-21 00:00:00
firefox security and bug fix update
2011-06-21 00:00:00
mozilla
mozilla
Multiple dangling pointer vulnerabilities — Mozilla
2011-06-21 00:00:00
Miscellaneous memory safety hazards (rv:3.0/1.9.2.18) — Mozilla
2011-06-21 00:00:00
securityvulns
securityvulns
cve
cve
cvelist
cvelist
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:58:20
Arbitrary Code Execution
2020-04-10 00:58:19
Same-Origin Policy Bypass
2020-04-10 00:58:20
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2011-06-30 16:55:00
Memory corruption
2011-06-30 16:55:00
Design/Logic Flaw
2011-06-30 16:55:00
checkpoint_advisories
checkpoint_advisories
Mozilla Multiple Products Array.reduceRight Integer Overflow (CVE-2011-2371)
2011-09-27 00:00:00
seebug
seebug
Mozilla Firefox Array.reduceRight() Integer Overflow Exploit
2011-10-13 00:00:00
Mozilla Firefox/Thunderbird/SeaMonkey Cookie跨域信息泄露漏洞
2011-06-25 00:00:00
Mozilla Firefox/Thunderbird内存破坏漏洞(CVE-2011-2374)
2011-06-25 00:00:00
packetstorm
packetstorm
Mozilla Firefox 4.0.1 Integer Overflow
2012-02-27 00:00:00
Mozilla Firefox Integer Overflow
2011-10-13 00:00:00
Mozilla Firefox Array.reduceRight() Integer Overflow
2011-10-14 00:00:00
zdi
zdi
Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability
2011-06-21 00:00:00
Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability
2011-06-21 00:00:00
canvas
canvas
Immunity Canvas: FIREFOX_ARRAY_REDUCERIGHT
2011-06-30 16:55:00
fireeye
fireeye
Using EMET to Disable EMET
2016-02-23 08:00:00
exploitpack
exploitpack
Mozilla Firefox 4.0.1 - Array.reduceRight() Remote Overflow
2012-02-27 00:00:00
Mozilla Firefox - Array.reduceRight() Integer Overflow (1)
2011-10-12 00:00:00
exploitdb
exploitdb
Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Remote Overflow
2012-02-27 00:00:00
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.957 High
EPSS
Percentile
99.1%
Related for OSV:DSA-2269-1