DSA-2513-1 iceape -- severalID: oval:org.secpod.oval:def:600850 | Date: (C)2012-07-21 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2012-1948 Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey identified several memory safety problems that may lead to the execution of arbitrary code. CVE-2012-1954 Abhishek Arya discovered a use-after-free problem in nsDocument::AdoptNode that may lead to the execution of arbitrary code. CVE-2012-1967 moz_bug_r_a4 discovered that in certain cases, javascript:: URLs can be executed so that scripts can escape the JavaScript sandbox and run with elevated privileges. This can lead to arbitrary code execution.