Debian DSA-2572-1 : iceape - several vulnerabilities

critical Nessus Plugin ID 62805

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in Iceape, an internet suite based on SeaMonkey :

- CVE-2012-3982 Multiple unspecified vulnerabilities in the browser engine allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

- CVE-2012-3986 Icedove does not properly restrict calls to DOMWindowUtils methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.

- CVE-2012-3990 A Use-after-free vulnerability in the IME State Manager implementation allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function.

- CVE-2012-3991 Icedove does not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted website.

- CVE-2012-4179 A use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

- CVE-2012-4180 A heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function allows remote attackers to execute arbitrary code via unspecified vectors.

- CVE-2012-4182 A use-after-free vulnerability in the nsTextEditRules::WillInsert function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

- CVE-2012-4186 A heap-based buffer overflow in the nsWav-eReader::DecodeAudioData function allows remote attackers to execute arbitrary code via unspecified vectors.

- CVE-2012-4188 A heap-based buffer overflow in the Convolve3x3 function allows remote attackers to execute arbitrary code via unspecified vectors.

Additionally, this update fixes a regression in the patch for CVE-2012-3959, released in DSA-2554-1.

Solution

Upgrade the iceape packages.

For the stable distribution (squeeze), these problems have been fixed in version 2.0.11-16.

See Also

https://security-tracker.debian.org/tracker/CVE-2012-3982

https://security-tracker.debian.org/tracker/CVE-2012-3986

https://security-tracker.debian.org/tracker/CVE-2012-3990

https://security-tracker.debian.org/tracker/CVE-2012-3991

https://security-tracker.debian.org/tracker/CVE-2012-4179

https://security-tracker.debian.org/tracker/CVE-2012-4180

https://security-tracker.debian.org/tracker/CVE-2012-4182

https://security-tracker.debian.org/tracker/CVE-2012-4186

https://security-tracker.debian.org/tracker/CVE-2012-4188

https://security-tracker.debian.org/tracker/CVE-2012-3959

https://packages.debian.org/source/squeeze/iceape

https://www.debian.org/security/2012/dsa-2572

Plugin Details

Severity: Critical

ID: 62805

File Name: debian_DSA-2572.nasl

Version: 1.14

Type: local

Agent: unix

Published: 11/5/2012

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:iceape, cpe:/o:debian:debian_linux:6.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 11/4/2012

Reference Information

CVE: CVE-2012-3982, CVE-2012-3986, CVE-2012-3990, CVE-2012-3991, CVE-2012-4179, CVE-2012-4180, CVE-2012-4182, CVE-2012-4186, CVE-2012-4188

BID: 55922, 55924, 55930, 56121, 56123, 56126, 56129, 56131, 56135

DSA: 2572