DSA-2402-1 iceape -- severalID: oval:org.secpod.oval:def:600725 | Date: (C)2012-02-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure. CVE-2012-0442 Jesse Ruderman and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2012-0444 "regenrecht" discovered that missing input sanisiting in the Ogg Vorbis parser may lead to the execution of arbitrary code. CVE-2012-0449 Nicolas Gregoire and Aki Helin discovered that missing input sanisiting in XSLT processing may lead to the execution of arbitrary code.