Lucene search
GoogleOSV:DSA-2437-1HistoryMar 21, 2012 - 12:00 a.m.
icedove - several
2012-03-2100:00:00
Google
osv.dev
8
0.056 Low
EPSS
Percentile
93.3%
Several vulnerabilities have been discovered in Icedove, an unbranded
version of the Thunderbird mail/news client.
- CVE-2012-0455
Soroush Dalili discovered that a cross-site scripting countermeasure
related to Javascript URLs could be bypassed. - CVE-2012-0456
Atte Kettunen discovered an out of bounds read in the SVG Filters,
resulting in memory disclosure. - CVE-2012-0458
Mariusz Mlynski discovered that privileges could be escalated through
a Javascript URL as the home page. - CVE-2012-0461
Bob Clary discovered memory corruption bugs, which may lead to the
execution of arbitrary code.
For the stable distribution (squeeze), this problem has been fixed in
version 3.0.11-1+squeeze8.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your icedove packages.
References
Related
osv
osv
iceweasel - several
2012-03-15 00:00:00
iceape - several
2012-05-13 00:00:00
nessus
nessus
Debian DSA-2433-1 : iceweasel - several vulnerabilities
2012-03-16 00:00:00
Debian DSA-2437-1 : icedove - several vulnerabilities
2012-03-22 00:00:00
Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1401-2)
2012-03-26 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2437-1)
2012-04-30 00:00:00
Debian Security Advisory DSA 2437-1 (icedove)
2012-04-30 00:00:00
Debian: Security Advisory (DSA-2433-1)
2012-04-30 00:00:00
debian
debian
[SECURITY] [DSA 2437-1] icedove security update
2012-03-21 18:58:26
[SECURITY] [DSA 2433-1] iceweasel security update
2012-03-15 21:42:10
[SECURITY] [DSA 2548-1] iceape security update
2012-04-24 20:56:27
ubuntu
ubuntu
Xulrunner vulnerabilities
2012-03-19 00:00:00
Thunderbird vulnerabilities
2012-03-23 00:00:00
Thunderbird vulnerabilities
2012-03-21 00:00:00
suse
suse
Security update for Mozilla Firefox (critical)
2012-03-29 06:08:20
Security update for Mozilla Firefox (critical)
2012-03-28 21:08:31
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
oraclelinux
oraclelinux
thunderbird security update
2012-03-14 00:00:00
firefox security and bug fix update
2012-03-14 00:00:00
centos
centos
thunderbird security update
2012-03-14 11:41:24
firefox, xulrunner security update
2012-03-14 11:23:06
redhat
redhat
(RHSA-2012:0388) Critical: thunderbird security update
2012-03-14 00:00:00
(RHSA-2012:0387) Critical: firefox security and bug fix update
2012-03-14 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-03-13 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-03-17 00:00:00
cvelist
cvelist
mozilla
mozilla
XSS with Drag and Drop and Javascript: URL — Mozilla
2012-03-13 00:00:00
Escalation of privilege with Javascript: URL as home page — Mozilla
2012-03-13 00:00:00
SVG issues found with Address Sanitizer — Mozilla
2012-03-13 00:00:00
prion
prion
Out-of-bounds
2012-03-14 19:55:00
Code injection
2012-03-14 19:55:00
Cross site scripting
2012-03-14 19:55:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:07:56
Information Disclosure
2020-04-10 01:07:55
Cross-site Scripting (XSS)
2020-04-10 01:07:54
nvd
nvd
cve
cve
ubuntucve
ubuntucve
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00