Oval Definition:oval:org.mitre.oval:def:6699
Revision Date:2014-06-23
Version:19
Title:DSA-2025 icedove -- several vulnerabilities
Description:Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a "\0" character in a domain name in the subject's Common Name field of an X.509 certificate. Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. monarch2020 discovered an integer overflow in a base64 decoding function. Josh Soref discovered a crash in the BinHex decoder. Carsten Book reported a crash in the JavaScript engine. Ludovic Hirlimann reported a crash indexing some messages with attachments, which could lead to the execution of arbitrary code.
Family:unix
Class:patch
Status:ACCEPTED
Reference(s):CVE-2009-2404
CVE-2009-2408
CVE-2009-2463
CVE-2009-3072
CVE-2009-3075
CVE-2010-0163
DSA-2025
Platform(s):Debian GNU/Linux 5.0
Product(s):icedove
Definition Synopsis
  • Debian GNU/Linux 5.0 is installed
  • AND Supported architectures section
      • Installed architecture is amd64
      • OR Installed architecture is arm
      • OR Installed architecture is i386
      • OR Installed architecture is ia64
      • OR Installed architecture is alpha
      • OR Installed architecture is powerpc
      • OR Installed architecture is hppa
  • AND Packages section
      • icedove-dev is earlier than 2.0.0.24-0lenny1
      • OR icedove-dbg is earlier than 2.0.0.24-0lenny1
      • OR icedove-gnome-support is earlier than 2.0.0.24-0lenny1
      • OR icedove is earlier than 2.0.0.24-0lenny1