Debian DSA-1485-2 : icedove - several vulnerabilities
High Nessus Plugin ID 30225
SynopsisThe remote Debian host is missing a security-related update.
DescriptionSeveral remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code.
- CVE-2008-0418 Gerry Eisenhaur and 'moz_bug_r_a4' discovered that a directory traversal vulnerability in chrome: URI handling could lead to information disclosure.
- CVE-2008-0419 David Bloom discovered a race condition in the image handling of designMode elements, which can lead to information disclosure and potentially the execution of arbitrary code.
The Mozilla products from the old stable distribution (sarge) are no longer supported with security updates.
SolutionUpgrade the icedove packages.
For the stable distribution (etch), these problems have been fixed in version 220.127.116.11+18.104.22.168b.dfsg1-0etch2.