Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
buffer overflows and use-after-frees may lead to the execution of
arbitrary code, privilege escalation or denial of service.

For the oldstable distribution (wheezy), these problems have been fixed
in version 31.7.0-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 31.7.0-1~deb8u1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your icedove packages.

CPENameOperatorVersion
icedoveeq31.7.0-1~deb7u1
icedoveeq31.6.0-1

CPE	Name	Operator	Version
	icedove	eq	31.7.0-1~deb7u1
	icedove	eq	31.6.0-1

References

www.debian.org/security/2015/dsa-3264

oraclelinux 3

openvas 49

nessus 52

veracode 7

debian 5

ubuntu 2

redhat 4

centos 3

suse 4

archlinux 3

mageia 3

kaspersky 1

securityvulns 3

freebsd 2

cve 7

prion 7

mozilla 5

ubuntucve 7

osv 4

ibm 17

gentoo 1

f5 4

debiancve 2

amazon 1

redhatcve 1

alpinelinux 1

slackware 1

oraclelinux

firefox security update

2015-05-13 00:00:00

thunderbird security update

2015-05-19 00:00:00

expat security update

2020-04-06 00:00:00

openvas

Debian: Security Advisory (DSA-3264-1)

2015-05-18 00:00:00

CentOS Update for firefox CESA-2015:0988 centos6

2015-06-09 00:00:00

RedHat Update for firefox RHSA-2015:0988-01

2015-06-09 00:00:00

nessus

Debian DSA-3264-1 : icedove - security update

2015-05-20 00:00:00

Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150512)

2015-05-14 00:00:00

Firefox ESR 31.x < 31.7 Multiple Vulnerabilities (Mac OS X)

2015-05-13 00:00:00

veracode

Arbitrary Code Execution

2019-05-02 05:39:09

Arbitrary Code Execution

2019-05-02 05:39:09

Arbitrary Code Execution

2019-05-02 05:39:10

debian

[SECURITY] [DSA 3264-1] icedove security update

2015-05-19 21:12:26

[SECURITY] [DSA 3260-1] iceweasel security update

2015-05-13 17:22:46

[SECURITY] [DSA 3225-1] gst-plugins-bad0.10 security update

2015-04-15 15:23:10

ubuntu

Thunderbird vulnerabilities

2015-05-18 00:00:00

Firefox vulnerabilities

2015-05-13 00:00:00

redhat

(RHSA-2015:1012) Important: thunderbird security update

2015-05-18 00:00:00

(RHSA-2015:0988) Critical: firefox security update

2015-05-12 00:00:00

(RHSA-2020:2508) Moderate: expat security update

2020-06-10 16:46:54

centos

thunderbird security update

2015-05-18 14:07:12

firefox security update

2015-05-13 00:01:13

expat security update

2020-04-08 17:58:10

suse

Security update for MozillaFirefox (important)

2015-05-28 12:05:02

Security update for MozillaFirefox (important)

2015-06-01 15:05:51

Update to Firefox 31.7.0esr (important)

2015-05-18 13:04:51

archlinux

thunderbird: multiple issues

2015-05-18 00:00:00

firefox: multiple issues

2015-05-13 00:00:00

expat: arbitrary code execution

2016-03-24 00:00:00

mageia

Updated Firefox, Thunderbird & sqlite3 packages fix security vulnerabilities

2015-05-18 22:08:05

Updated gstreamer0.10-plugins-bad packages fix security vulnerabilities

2015-05-05 16:36:50

Updated iceape packages fix security vulnerabilities

2015-09-08 10:20:40

kaspersky

KLA10584 Multiple vulnerabilities in Mozilla products

2015-05-12 00:00:00

securityvulns

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

2015-05-13 00:00:00

gst-plugins buffer overflow

2015-04-17 00:00:00

[SECURITY] [DSA 3225-1] gst-plugins-bad0.10 security update

2015-04-17 00:00:00

freebsd

mozilla -- multiple vulnerabilities

2015-05-12 00:00:00

expat2 -- denial of service

2016-06-09 00:00:00

cve

CVE-2015-2710

2015-05-14 10:59:00

CVE-2015-2708

2015-05-14 10:59:00

CVE-2015-2713

2015-05-14 10:59:00

prion

Heap overflow

2015-05-14 10:59:00

Memory corruption

2015-05-14 10:59:00

Memory corruption

2015-05-14 10:59:00

mozilla

Buffer overflow with SVG content and CSS — Mozilla

2015-05-12 00:00:00

Buffer overflow when parsing compressed XML — Mozilla

2015-05-12 00:00:00

Use-after-free during text processing with vertical text enabled — Mozilla

2015-05-12 00:00:00

ubuntucve

CVE-2015-2710

2015-05-13 00:00:00

CVE-2015-2708

2015-05-13 00:00:00

CVE-2015-2713

2015-05-13 00:00:00

osv

expat - security update

2015-07-25 00:00:00

gst-plugins-bad0.10 - security update

2015-04-15 00:00:00

CVE-2016-4472

2016-06-30 17:59:00

ibm

Security Bulletin: IBM MQ Appliance is affected by a buffer overflow vulnerability (CVE-2015-2716)

2020-07-23 21:34:53

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Standards Processing Engine and IBM Transformation Extender Advanced (CVE-2015-1283)

2022-05-15 12:11:44

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Configuration Manager(CVE-2015-1283)

2019-01-22 16:30:15

gentoo

GStreamer: User-assisted execution of arbitrary code

2015-12-30 00:00:00

K50459349 : Expat XML library vulnerability CVE-2015-2716

2017-02-10 00:00:00

K15104541 : Expat XML library vulnerability CVE-2015-1283

2016-10-11 00:00:00

SOL22232964 - Expat XML library vulnerability CVE-2016-4472

2016-10-21 00:00:00

debiancve

CVE-2015-1283

2015-07-23 00:59:00

CVE-2016-4472

2016-06-30 17:59:00

amazon

Medium: expat

2020-05-11 20:41:00

redhatcve

CVE-2016-4472

2016-06-09 09:48:44

alpinelinux

CVE-2016-4472

2016-06-30 17:59:00

slackware

[slackware-security] expat

2016-12-24 19:24:21

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for OSV:DSA-3264-1