Summary
The remote host is missing an update to iceape
announced via advisory DSA 2572-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202572-1
Insight
Several vulnerabilities have been discovered in Iceape, an internet suite based on Seamonkey:
CVE-2012-3982
Multiple unspecified vulnerabilities in the browser engine allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-3986
Icedove does not properly restrict calls to DOMWindowUtils methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.
CVE-2012-3990
A Use-after-free vulnerability in the IME State Manager implementation allows remote attackers to execute arbitrary code via unspecified vectors, related to the
nsIContent::GetNameSpaceID function.
CVE-2012-3991
Icedove does not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.
CVE-2012-4179
A use-after-free vulnerability in the
nsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-4180
A heap-based buffer overflow in the
nsHTMLEditor::IsPrevCharInNodeWhitespace function allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-4182
A use-after-free vulnerability in the
nsTextEditRules::WillInsert function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-4186
A heap-based buffer overflow in the
nsWav-eReader::DecodeAudioData function allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-4188
A heap-based buffer overflow in the Convolve3x3 function allows remote attackers to execute arbitrary code via unspecified vectors.
Additionally, this update fixes a regression in the patch for CVE-2012-3959, released in DSA-2554-1.
For the stable distribution (squeeze), these problems have been fixed in version 2.0.11-16.
For the testing distribution (wheezy), these problems have been fixed in version 10.0.10esr-1.
For the unstable distribution (sid), these problems have been fixed in version 10.0.10esr-1.
We recommend that you upgrade your iceape packages.
Severity
Classification
-
CVE CVE-2012-3959, CVE-2012-3982, CVE-2012-3986, CVE-2012-3990, CVE-2012-3991, CVE-2012-4179, CVE-2012-4180, CVE-2012-4182, CVE-2012-4186, CVE-2012-4188 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities