oval:org.mitre.oval:def:8036

Definition Id: oval:org.mitre.oval:def:8036
 
Oval ID: oval:org.mitre.oval:def:8036
Title: DSA-1830 icedove -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: The execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialised pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. (MFSA 2009-10) It is possible to execute arbitrary code via vectors related to the layout engine. (MFSA 2009-01) It is possible to execute arbitrary code via vectors related to the JavaScript engine. (MFSA 2009-01) Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalised domain names. (MFSA 2009-15) Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. (MFSA 2009-07) The layout engine allows the execution of arbitrary code in vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection. (MFSA 2009-07) The JavaScript engine is prone to the execution of arbitrary code via several vectors. (MFSA 2009-07) The layout engine allows the execution of arbitrary code via vectors related to gczeal. (MFSA 2009-07) Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. (MFSA 2009-09) The browser engine is prone to a possible memory corruption via several vectors. (MFSA 2009-14) The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. (MFSA 2009-14) Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. (MFSA 2009-17) The possible arbitrary execution of code was discovered via vectors involving "double frame construction." (MFSA 2009-24) Several issues were discovered in the browser engine as used by icedove, which could lead to the possible execution of arbitrary code. (MFSA 2009-24) Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. (MFSA 2009-27) moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage collection implementation. (MFSA 2009-29) moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. (MFSA 2009-32) Bernd Jendrissek discovered a potentially exploitable crash when viewing a multipart/alternative mail message with a text/enhanced part. (MFSA 2009-33)
Family: unix Class: patch
Reference(s): DSA-1830
CVE-2009-0040
CVE-2009-0352
CVE-2009-0353
CVE-2009-0652
CVE-2009-0771
CVE-2009-0772
CVE-2009-0773
CVE-2009-0774
CVE-2009-0776
CVE-2009-1302
CVE-2009-1303
CVE-2009-1307
CVE-2009-1832
CVE-2009-1392
CVE-2009-1836
CVE-2009-1838
CVE-2009-1841
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6513
 
Oval ID: oval:org.mitre.oval:def:6513
Title: Debian GNU/Linux 5.0 is installed
Description: Debian GNU/Linux 5.0 (lenny) is installed
Family: unix Class: inventory
Reference(s): cpe:/o:debian:debian_gnu/linux:5.0
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:8036