Executive Summary
Summary | |
---|---|
Title | icedove security update |
Informations | |||
---|---|---|---|
Name | DSA-2499 | First vendor Publication | 2012-06-24 |
Vendor | Debian | Last vendor Modification | 2012-06-24 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several vulnerabilities have been discovered in icedove, the Debian version of the Mozilla Thunderbird mail/news client. There were miscellaneous memory safety hazards (CVE-2012-1937, CVE-2012-1939) and a use-after-free issues (CVE-2012-1940). For the stable distribution (squeeze), these problems have been fixed in version 3.0.11-1+squeeze11. We recommend that you upgrade your icedove packages. |
Original Source
Url : http://www.debian.org/security/2012/dsa-2499 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17054 | |||
Oval ID: | oval:org.mitre.oval:def:17054 | ||
Title: | Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. | ||
Description: | Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1940 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17055 | |||
Oval ID: | oval:org.mitre.oval:def:17055 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1937 | Version: | 21 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18563 | |||
Oval ID: | oval:org.mitre.oval:def:18563 | ||
Title: | DSA-2499-1 icedove - several | ||
Description: | Several vulnerabilities have been discovered in Icedove, the Debian version of the Mozilla Thunderbird mail/news client. There were miscellaneous memory safety hazards (<a href="http://security-tracker.debian.org/tracker/CVE-2012-1937">CVE-2012-1937</a>, <a href="http://security-tracker.debian.org/tracker/CVE-2012-1939">CVE-2012-1939</a>) and a use-after-free issue (<a href="http://security-tracker.debian.org/tracker/CVE-2012-1940">CVE-2012-1940</a>). | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2499-1 CVE-2012-1937 CVE-2012-1939 CVE-2012-1940 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-12-13 | Name : SuSE Update for MozillaFirefox, openSUSE-SU-2012:0760-1 (MozillaFirefox,) File : nvt/gb_suse_2012_0760_1.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2489-1 (iceape) File : nvt/deb_2489_1.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2499-1 (icedove) File : nvt/deb_2499_1.nasl |
2012-08-10 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox68.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2488-1 (iceweasel) File : nvt/deb_2488_1.nasl |
2012-08-03 | Name : Mandriva Update for mozilla MDVSA-2012:088 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_088.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0715 centos5 File : nvt/gb_CESA-2012_0715_thunderbird_centos5.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0715 centos6 File : nvt/gb_CESA-2012_0715_thunderbird_centos6.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2012:0710 centos6 File : nvt/gb_CESA-2012_0710_firefox_centos6.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2012:0710 centos5 File : nvt/gb_CESA-2012_0710_firefox_centos5.nasl |
2012-06-28 | Name : Ubuntu Update for thunderbird USN-1463-6 File : nvt/gb_ubuntu_USN_1463_6.nasl |
2012-06-25 | Name : Mandriva Update for mozilla MDVSA-2012:088-1 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_088_1.nasl |
2012-06-25 | Name : Ubuntu Update for thunderbird USN-1463-4 File : nvt/gb_ubuntu_USN_1463_4.nasl |
2012-06-22 | Name : Ubuntu Update for firefox USN-1463-3 File : nvt/gb_ubuntu_USN_1463_3.nasl |
2012-06-19 | Name : Mozilla Products 'jsinfer.cpp' Denial of Service Vulnerability (Mac OS X) File : nvt/gb_mozilla_prdts_jsinfer_dos_vuln_macosx.nasl |
2012-06-19 | Name : Mozilla Products 'jsinfer.cpp' Denial of Service Vulnerability (Windows) File : nvt/gb_mozilla_prdts_jsinfer_dos_vuln_win.nasl |
2012-06-19 | Name : Mozilla Products Multiple Vulnerabilities - June12 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln_jun12_macosx.nasl |
2012-06-19 | Name : Mozilla Products Multiple Vulnerabilities - June12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_jun12_win.nasl |
2012-06-08 | Name : RedHat Update for firefox RHSA-2012:0710-01 File : nvt/gb_RHSA-2012_0710-01_firefox.nasl |
2012-06-08 | Name : RedHat Update for thunderbird RHSA-2012:0715-01 File : nvt/gb_RHSA-2012_0715-01_thunderbird.nasl |
2012-06-08 | Name : Ubuntu Update for firefox USN-1463-1 File : nvt/gb_ubuntu_USN_1463_1.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-333.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0715.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0710.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-120611.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120606_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120605_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2488.nasl - Type : ACT_GATHER_INFO |
2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2489.nasl - Type : ACT_GATHER_INFO |
2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2499.nasl - Type : ACT_GATHER_INFO |
2012-06-27 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1463-6.nasl - Type : ACT_GATHER_INFO |
2012-06-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-088.nasl - Type : ACT_GATHER_INFO |
2012-06-22 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1463-4.nasl - Type : ACT_GATHER_INFO |
2012-06-21 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1463-3.nasl - Type : ACT_GATHER_INFO |
2012-06-15 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-8189.nasl - Type : ACT_GATHER_INFO |
2012-06-08 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-0715.nasl - Type : ACT_GATHER_INFO |
2012-06-07 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_130.nasl - Type : ACT_GATHER_INFO |
2012-06-07 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1005.nasl - Type : ACT_GATHER_INFO |
2012-06-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0715.nasl - Type : ACT_GATHER_INFO |
2012-06-07 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_210.nasl - Type : ACT_GATHER_INFO |
2012-06-07 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_130.nasl - Type : ACT_GATHER_INFO |
2012-06-07 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1005.nasl - Type : ACT_GATHER_INFO |
2012-06-07 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_13_0.nasl - Type : ACT_GATHER_INFO |
2012-06-07 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_10_0_5.nasl - Type : ACT_GATHER_INFO |
2012-06-07 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1463-1.nasl - Type : ACT_GATHER_INFO |
2012-06-07 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_13_0.nasl - Type : ACT_GATHER_INFO |
2012-06-07 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_10_0_5.nasl - Type : ACT_GATHER_INFO |
2012-06-07 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0710.nasl - Type : ACT_GATHER_INFO |
2012-06-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0710.nasl - Type : ACT_GATHER_INFO |
2012-06-06 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_bfecf7c1af4711e195804061862b8c22.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:31:10 |
|