Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2317-1
HistoryOct 05, 2011 - 12:00 a.m.

icedove - several

2011-10-0500:00:00
Google
osv.dev
17

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
  • CVE-2011-2372
    Mariusz Mlynski discovered that websites could open a download
    dialog — which has open as the default action —, while a user
    presses the ENTER key.
  • CVE-2011-2995
    Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes
    in the rendering engine, which could lead to the execution of
    arbitrary code.
  • CVE-2011-2998
    Mark Kaplan discovered an integer underflow in the JavaScript
    engine, which could lead to the execution of arbitrary code.
  • CVE-2011-2999
    Boris Zbarsky discovered that incorrect handling of the
    window.location object could lead to bypasses of the same-origin
    policy.
  • CVE-2011-3000
    Ian Graham discovered that multiple Location headers might lead to
    CRLF injection.

As indicated in the Lenny (oldstable) release notes, security support for
the Icedove packages in the oldstable needed to be stopped before the end
of the regular Lenny security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a different
mail client.

For the stable distribution (squeeze), this problem has been fixed in
version 3.0.11-1+squeeze5.

For the unstable distribution (sid), this problem has been fixed in
version 3.1.15-1.

We recommend that you upgrade your icedove packages.

Related

oraclelinux 4
openvas 67
osv 2
centos 3
nessus 62
redhat 4
debian 4
ibm 2
suse 8
ubuntu 4
securityvulns 6
freebsd 1
checkpoint_advisories 2
prion 6
ubuntucve 6
cve 7
seebug 1
veracode 5
mozilla 5
oraclelinux
oraclelinux
firefox security update
2011-09-28 00:00:00
thunderbird security update
2011-09-28 00:00:00
thunderbird security update
2011-09-28 00:00:00
openvas
openvas
Debian Security Advisory DSA 2313-1 (iceweasel)
2011-10-16 00:00:00
CentOS Update for firefox CESA-2011:1341 centos5 i386
2011-09-30 00:00:00
CentOS Update for firefox CESA-2011:1341 centos5 x86_64
2012-07-30 00:00:00
osv
osv
iceweasel - several
2011-09-29 00:00:00
iceape - several
2011-09-29 00:00:00
centos
centos
firefox, xulrunner security update
2011-09-29 03:54:30
seamonkey security update
2011-09-29 18:51:19
thunderbird security update
2011-09-29 04:34:00
nessus
nessus
RHEL 6 : thunderbird (RHSA-2011:1342)
2011-09-29 00:00:00
Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1341)
2013-07-12 00:00:00
Oracle Linux 6 : thunderbird (ELSA-2011-1342)
2013-07-12 00:00:00
redhat
redhat
(RHSA-2011:1341) Critical: firefox security update
2011-09-28 00:00:00
(RHSA-2011:1342) Critical: thunderbird security update
2011-09-28 00:00:00
(RHSA-2011:1343) Critical: thunderbird security update
2011-09-28 00:00:00
debian
debian
[SECURITY] [DSA 2312-1] iceape security update
2011-09-29 16:30:08
[SECURITY] [DSA 2317-1] icedove security update
2011-10-05 20:36:17
[BSA-048] Security Update for Iceweasel
2011-10-03 09:41:06
ibm
ibm
Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
suse
suse
MozillaFirefox: Update to Firefox 3.6.23 (important)
2011-09-29 16:08:17
Security update for Mozilla Firefox (important)
2011-10-06 00:08:31
mozilla-xulrunner192: Update to Mozilla XULRunner 1.9.2.23 (important)
2011-09-29 14:08:20
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2011-09-28 00:00:00
Thunderbird vulnerabilities
2011-09-28 00:00:00
Mozvoikko, ubufox, webfav update
2011-10-04 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2011-10-01 00:00:00
Mozilla Foundation Security Advisory 2011-39
2011-10-01 00:00:00
Mozilla Foundation Security Advisory 2011-37
2011-10-01 00:00:00
freebsd
freebsd
Mozilla -- multiple vulnerabilities
2011-09-27 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Multiple Products Multiple Location Headers CRLF Injection (CVE-2011-3000)
2012-05-14 00:00:00
Mozilla Multiple Products Multiple Location Headers HTTP Response Splitting (CVE-2011-3000)
2011-12-27 00:00:00
prion
prion
Design/Logic Flaw
2011-09-29 00:55:00
Memory corruption
2011-09-29 00:55:00
Integer overflow
2011-09-30 10:55:00
ubuntucve
ubuntucve
CVE-2011-3000
2011-09-28 00:00:00
CVE-2011-2998
2011-09-30 00:00:00
CVE-2011-2995
2011-09-28 00:00:00
cve
cve
CVE-2011-3000
2011-09-29 00:55:00
CVE-2011-2998
2011-09-30 10:55:00
CVE-2011-2995
2011-09-29 00:55:00
seebug
seebug
Mozilla Firefox远程内存破坏漏洞(CVE-2011-2995)
2011-09-29 00:00:00
veracode
veracode
CRLF Injection
2020-04-10 01:02:44
Arbitrary Code Execution
2020-04-10 01:02:42
Arbitrary Code Execution
2020-04-10 01:02:41
mozilla
mozilla
Defense against multiple Location headers due to CRLF Injection — Mozilla
2011-09-27 00:00:00
Integer underflow when using JavaScript RegExp — Mozilla
2011-09-27 00:00:00
XSS via plugins and shadowed window.location object — Mozilla
2011-09-27 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for OSV:DSA-2317-1
oraclelinux4openvas67osv2centos3nessus62redhat4debian4ibm2suse8ubuntu4securityvulns6freebsd1checkpoint_advisories2prion6ubuntucve6cve7seebug1veracode5mozilla5