Several vulnerabilities have been discovered in Icedove, an unbranded
version of the Thunderbird mail/news client.
- CVE-2012-0455
Soroush Dalili discovered that a cross-site scripting countermeasure
related to Javascript URLs could be bypassed.
- CVE-2012-0456
Atte Kettunen discovered an out of bounds read in the SVG Filters,
resulting in memory disclosure.
- CVE-2012-0458
Mariusz Mlynski discovered that privileges could be escalated through
a Javascript URL as the home page.
- CVE-2012-0461
Bob Clary discovered memory corruption bugs, which may lead to the
execution of arbitrary code.
For the stable distribution (squeeze), this problem has been fixed in
version 3.0.11-1+squeeze8.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your icedove packages.