iceape - several vulnerabilities

2012-06-0700:00:00

Google

osv.dev

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.137 Low

EPSS

Percentile

94.8%

JSON

Several vulnerabilities have been found in the Iceape internet suite,
an unbranded version of Seamonkey.

CVE-2012-1937
Mozilla developers discovered several memory corruption bugs,
which may lead to the execution of arbitrary code.
CVE-2012-1940
Abhishek Arya discovered a use-after-free problem when working
with column layout with absolute positioning in a container that
changes size, which may lead to the execution of arbitrary code.
CVE-2012-1947
Abhishek Arya discovered a heap buffer overflow in utf16 to latin1
character set conversion, allowing to execute arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in
version 2.0.11-13.

For the testing distribution (wheezy) and unstable distribution (sid),
this problem will be fixed soon.

We recommend that you upgrade your iceape packages.

CPENameOperatorVersion
iceapeeq2.0.11-10
iceapeeq2.0.11-11
iceapeeq2.0.11-12
iceapeeq2.0.11-2
iceapeeq2.0.11-3
iceapeeq2.0.11-4
iceapeeq2.0.11-5
iceapeeq2.0.11-6
iceapeeq2.0.11-7
iceapeeq2.0.11-8

Name	Operator	Version
iceape	eq	2.0.11-10
iceape	eq	2.0.11-11
iceape	eq	2.0.11-12
iceape	eq	2.0.11-2
iceape	eq	2.0.11-3
iceape	eq	2.0.11-4
iceape	eq	2.0.11-5
iceape	eq	2.0.11-6
iceape	eq	2.0.11-7
iceape	eq	2.0.11-8