The remote host is missing an update to icedove announced via advisory DSA 2528-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202528-1

Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. CVE-2012-1948 Multiple unspecified vulnerabilities in the browser engine were fixed. CVE-2012-1950 The underlying browser engine allows address bar spoofing through drag-and-drop. CVE-2012-1954 A use-after-free vulnerability in the nsDocument::AdoptNode function allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code. CVE-2012-1967 An error in the implementation of the Javascript sandbox allows execution of Javascript code with improper privileges using javascript: URLs. For the stable distribution (squeeze), these problems have been fixed in version 3.0.11-1+squeeze12. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 10.0.6-1. We recommend that you upgrade your icedove packages.