Lucene search
GoogleOSV:DSA-2572-1HistoryNov 04, 2012 - 12:00 a.m.
iceape - several
2012-11-0400:00:00
Google
osv.dev
22
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.713 High
EPSS
Percentile
97.6%
Several vulnerabilities have been discovered in Iceape, an internet
suite based on Seamonkey:
- CVE-2012-3982
Multiple unspecified vulnerabilities in the browser engine
allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute
arbitrary code via unknown vectors. - CVE-2012-3986
Icedove does not properly restrict calls to DOMWindowUtils
methods, which allows remote attackers to bypass intended
access restrictions via crafted JavaScript code. - CVE-2012-3990
A Use-after-free vulnerability in the IME State Manager
implementation allows remote attackers to execute arbitrary
code via unspecified vectors, related to the
nsIContent::GetNameSpaceID function. - CVE-2012-3991
Icedove does not properly restrict JSAPI access to the
GetProperty function, which allows remote attackers to bypass
the Same Origin Policy and possibly have unspecified other
impact via a crafted web site. - CVE-2012-4179
A use-after-free vulnerability in the
nsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote
attackers to execute arbitrary code or cause a denial of
service (heap memory corruption) via unspecified vectors. - CVE-2012-4180
A heap-based buffer overflow in the
nsHTMLEditor::IsPrevCharInNodeWhitespace function allows
remote attackers to execute arbitrary code via unspecified
vectors. - CVE-2012-4182
A use-after-free vulnerability in the
nsTextEditRules::WillInsert function allows remote attackers
to execute arbitrary code or cause a denial of service (heap
memory corruption) via unspecified vectors. - CVE-2012-4186
A heap-based buffer overflow in the
nsWav-eReader::DecodeAudioData function allows remote attackers
to execute arbitrary code via unspecified vectors. - CVE-2012-4188
A heap-based buffer overflow in the Convolve3x3 function
allows remote attackers to execute arbitrary code via
unspecified vectors.
Additionally, this update fixes a regression in the patch for
CVE-2012-3959,
released in DSA-2554-1.
For the stable distribution (squeeze), these problems have been fixed in
version 2.0.11-16.
For the testing distribution (wheezy), these problems have been fixed in
version 10.0.10esr-1.
For the unstable distribution (sid), these problems have been fixed in
version 10.0.10esr-1.
We recommend that you upgrade your iceape packages.
References
Related
openvas
openvas
Debian Security Advisory DSA 2572-1 (iceape)
2012-11-16 00:00:00
Debian: Security Advisory (DSA-2572-1)
2012-11-16 00:00:00
Debian: Security Advisory (DSA-2569-1)
2012-11-16 00:00:00
nessus
nessus
Debian DSA-2572-1 : iceape - several vulnerabilities
2012-11-05 00:00:00
Debian DSA-2569-1 : icedove - several vulnerabilities
2012-10-30 00:00:00
Debian DSA-2565-1 : iceweasel - several vulnerabilities
2012-10-24 00:00:00
debian
debian
[SECURITY] [DSA 2572-1] iceape security update
2012-11-04 18:59:26
[SECURITY] [DSA 2565-1] iceweasel security update
2012-10-23 19:45:56
[SECURITY] [DSA 2569-1] icedove security update
2012-10-29 20:57:34
osv
osv
icedove - several
2012-10-29 00:00:00
iceweasel - several
2012-10-23 00:00:00
icedove - several
2012-10-07 00:00:00
veracode
veracode
Bypass Policy
2019-05-02 04:43:33
Cross-site Scripting (XSS)
2019-05-02 04:43:33
Arbitrary Code Execution
2019-05-02 04:43:35
oraclelinux
oraclelinux
firefox security and bug fix update
2012-10-10 00:00:00
thunderbird security update
2012-10-10 00:00:00
thunderbird security update
2012-08-29 00:00:00
centos
centos
thunderbird security update
2012-10-10 13:53:37
firefox, xulrunner security update
2012-10-10 13:52:09
thunderbird security update
2012-08-29 12:53:01
redhat
redhat
(RHSA-2012:1350) Critical: firefox security and bug fix update
2012-10-09 00:00:00
(RHSA-2012:1351) Critical: thunderbird security update
2012-10-09 00:00:00
(RHSA-2012:1211) Critical: thunderbird security update
2012-08-29 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2012-10-09 00:00:00
Thunderbird vulnerabilities
2012-10-12 00:00:00
suse
suse
MozillaFirefox: update to Firefox 16.0.1 (important)
2012-10-15 15:08:30
Security update for Mozilla Firefox (important)
2012-10-16 22:08:48
mozilla
mozilla
Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer — Mozilla
2012-10-09 00:00:00
Heap memory corruption issues found using Address Sanitizer — Mozilla
2012-10-09 00:00:00
Use-after-free in the IME State Manager — Mozilla
2012-10-09 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-10-09 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-10-29 00:00:00
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2012-10-10 17:55:00
Design/Logic Flaw
2012-08-29 10:56:00
Memory corruption
2012-10-10 17:55:00
cve
cve
checkpoint_advisories
checkpoint_advisories
Mozilla Multiple Products WAV Processing Buffer Overflow (CVE-2012-4186)
2013-06-30 00:00:00
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.713 High
EPSS
Percentile
97.6%
Related for OSV:DSA-2572-1