CVE-2012-0479 Affecting icedove package, versions <10.0.4-1


Severity

Recommended
0.0
medium
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
1.03% (84th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN8-ICEDOVE-379096
  • published25 Apr 2012
  • disclosed25 Apr 2012

Introduced: 25 Apr 2012

CVE-2012-0479  (opens in a new tab)

How to fix?

Upgrade Debian:8 icedove to version 10.0.4-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream icedove package and not the icedove package as distributed by Debian. See How to fix? for Debian:8 relevant fixed versions and status.

Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content.

CVSS Scores

version 3.1