English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.55550
Kategorie:Mandrake Local Security Checks
Titel:Mandrake Security Advisory MDKSA-2005:174 (mozilla-thunderbird)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing an update to mozilla-thunderbird
announced via advisory MDKSA-2005:174.

Updated Mozilla Thunderbird packages fix various vulnerabilities:

The run-mozilla.sh script, with debugging enabled, would allow local
users to create or overwrite arbitrary files via a symlink attack on
temporary files (CVE-2005-2353).

A bug in the way Thunderbird processes XBM images could be used to
execute arbitrary code via a specially crafted XBM image file
(CVE-2005-2701).

A bug in the way Thunderbird handles certain Unicode sequences could be
used to execute arbitrary code via viewing a specially crafted Unicode
sequence (CVE-2005-2702).

A bug in the way Thunderbird makes XMLHttp requests could be abused by
a malicious web page to exploit other proxy or server flaws from the
victim's machine
however, the default behaviour of the browser is to
disallow this (CVE-2005-2703).

A bug in the way Thunderbird implemented its XBL interface could be
abused by a malicious web page to create an XBL binding in such a way
as to allow arbitrary JavaScript execution with chrome permissions
(CVE-2005-2704).

An integer overflow in Thunderbird's JavaScript engine could be
manipulated in certain conditions to allow a malicious web page to
execute arbitrary code (CVE-2005-2705).

A bug in the way Thunderbird displays about: pages could be used to
execute JavaScript with chrome privileges (CVE-2005-2706).

A bug in the way Thunderbird opens new windows could be used by a
malicious web page to construct a new window without any user interface
elements (such as address bar and status bar) that could be used to
potentially mislead the user (CVE-2005-2707).

A bug in the way Thunderbird proceesed URLs on the command line could
be used to execute arbitary commands as the user running Thunderbird

this could be abused by clicking on a supplied link, such as from an
instant messaging client (CVE-2005-2968).

Tom Ferris reported that Thunderbird would crash when processing a
domain name consisting solely of soft-hyphen characters due to a heap
overflow when IDN processing results in an empty string after removing
non-wrapping chracters, such as soft-hyphens. This could be exploited
to run or or install malware on the user's computer (CVE-2005-2871).

The updated packages have been patched to correct these issues.

Affected versions: 10.2, 2006.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:174
http://www.mozilla.org/security/announce/mfsa2005-59.html
http://www.mozilla.org/security/announce/mfsa2005-58.html
http://www.mozilla.org/security/announce/mfsa2005-57.html

Risk factor : High

CVSS Score:
7.5

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2005-2353
BugTraq ID: 14443
http://www.securityfocus.com/bid/14443
Debian Security Information: DSA-1046 (Google Search)
http://www.debian.org/security/2006/dsa-1046
Debian Security Information: DSA-1051 (Google Search)
http://www.debian.org/security/2006/dsa-1051
http://www.mandriva.com/security/advisories?name=MDKSA-2005:173
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
http://secunia.com/advisories/19863
http://secunia.com/advisories/19941
https://usn.ubuntu.com/157-1/
Common Vulnerability Exposure (CVE) ID: CVE-2005-2701
1014954
http://securitytracker.com/id?1014954
14916
http://www.securityfocus.com/bid/14916
15495
http://www.securityfocus.com/bid/15495
16911
http://secunia.com/advisories/16911
16917
http://secunia.com/advisories/16917
16977
http://secunia.com/advisories/16977
17014
http://secunia.com/advisories/17014
17026
http://secunia.com/advisories/17026
17149
http://secunia.com/advisories/17149
17263
http://secunia.com/advisories/17263
17284
http://secunia.com/advisories/17284
19643
http://www.osvdb.org/19643
ADV-2005-1824
http://www.vupen.com/english/advisories/2005/1824
DSA-838
http://www.debian.org/security/2005/dsa-838
DSA-866
http://www.debian.org/security/2005/dsa-866
DSA-868
http://www.debian.org/security/2005/dsa-868
FLSA-2006:168375
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
MDKSA-2005:169
http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
MDKSA-2005:170
http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
MDKSA-2005:174
RHSA-2005:785
http://www.redhat.com/support/errata/RHSA-2005-785.html
RHSA-2005:789
http://www.redhat.com/support/errata/RHSA-2005-789.html
SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
SUSE-SA:2005:058
http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
USN-200-1
http://www.ubuntu.com/usn/usn-200-1
http://www.mozilla.org/security/announce/mfsa2005-58.html
mozilla-xbm-bo(22373)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22373
oval:org.mitre.oval:def:1480
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1480
oval:org.mitre.oval:def:9323
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9323
Common Vulnerability Exposure (CVE) ID: CVE-2005-2702
14918
http://www.securityfocus.com/bid/14918
17042
http://secunia.com/advisories/17042
17090
http://secunia.com/advisories/17090
RHSA-2005:791
http://www.redhat.com/support/errata/RHSA-2005-791.html
mozilla-zerowidthnonjoiner-stack-corruption(22375)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22375
oval:org.mitre.oval:def:1150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1150
oval:org.mitre.oval:def:11609
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11609
Common Vulnerability Exposure (CVE) ID: CVE-2005-2703
14923
http://www.securityfocus.com/bid/14923
mozilla-xmlhttprequest-spoofing(22376)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22376
oval:org.mitre.oval:def:10767
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10767
oval:org.mitre.oval:def:1089
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1089
Common Vulnerability Exposure (CVE) ID: CVE-2005-2704
14921
http://www.securityfocus.com/bid/14921
mozilla-thunderbird-xml-object-spoof(22824)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22824
oval:org.mitre.oval:def:1272
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1272
oval:org.mitre.oval:def:9784
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9784
Common Vulnerability Exposure (CVE) ID: CVE-2005-2705
14917
http://www.securityfocus.com/bid/14917
https://bugzilla.mozilla.org/show_bug.cgi?id=303213
mozilla-javascript-bo(22377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22377
oval:org.mitre.oval:def:10367
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10367
oval:org.mitre.oval:def:1307
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1307
Common Vulnerability Exposure (CVE) ID: CVE-2005-2706
14920
http://www.securityfocus.com/bid/14920
19648
http://www.osvdb.org/19648
19823
http://secunia.com/advisories/19823
SUSE-SA:2006:022
http://www.novell.com/linux/security/advisories/2006_04_25.html
mozilla-about-execute-code(22378)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22378
oval:org.mitre.oval:def:11317
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11317
oval:org.mitre.oval:def:1443
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1443
Common Vulnerability Exposure (CVE) ID: CVE-2005-2707
14919
http://www.securityfocus.com/bid/14919
http://www.mozilla.org/security/announce/mfsa2005-59.html
mozilla-chrome-window-spoofing(22380)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22380
oval:org.mitre.oval:def:11130
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11130
oval:org.mitre.oval:def:1197
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1197
Common Vulnerability Exposure (CVE) ID: CVE-2005-2968
14888
http://www.securityfocus.com/bid/14888
16869
http://secunia.com/advisories/16869
ADV-2005-1794
http://www.vupen.com/english/advisories/2005/1794
USN-186-1
http://www.ubuntu.com/usn/usn-186-1
USN-186-2
http://www.ubuntu.com/usn/usn-186-2
VU#914681
http://www.kb.cert.org/vuls/id/914681
https://bugzilla.mozilla.org/show_bug.cgi?id=307185
oval:org.mitre.oval:def:11105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105
Common Vulnerability Exposure (CVE) ID: CVE-2005-2871
1014877
http://securitytracker.com/id?1014877
14784
http://www.securityfocus.com/bid/14784
16764
http://secunia.com/advisories/16764
16766
http://secunia.com/advisories/16766
16767
http://secunia.com/advisories/16767
19255
http://www.osvdb.org/19255
20050909 Mozilla Firefox "Host:" Buffer Overflow
http://marc.info/?l=full-disclosure&m=112624614008387&w=2
20050911 FireFox "Host:" Buffer Overflow is not just exploitable on FireFox
http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.html
83
http://securityreason.com/securityalert/83
ADV-2005-1690
http://www.vupen.com/english/advisories/2005/1690
ADV-2005-1691
http://www.vupen.com/english/advisories/2005/1691
DSA-837
http://www.debian.org/security/2005/dsa-837
GLSA-200509-11
http://www.gentoo.org/security/en/glsa/glsa-200509-11.xml
P-303
http://www.ciac.org/ciac/bulletins/p-303.shtml
RHSA-2005:768
http://www.redhat.com/support/errata/RHSA-2005-768.html
RHSA-2005:769
http://www.redhat.com/support/errata/RHSA-2005-769.html
USN-181-1
http://www.ubuntu.com/usn/usn-181-1
VU#573857
http://www.kb.cert.org/vuls/id/573857
http://www.mozilla.org/security/announce/mfsa2005-57.html
http://www.securiteam.com/securitynews/5RP0B0UGVW.html
http://www.security-protocols.com/advisory/sp-x17-advisory.txt
http://www.security-protocols.com/firefox-death.html
https://bugzilla.mozilla.org/show_bug.cgi?id=307259
mozilla-url-bo(22207)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22207
oval:org.mitre.oval:def:1287
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1287
oval:org.mitre.oval:def:584
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A584
oval:org.mitre.oval:def:9608
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9608
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.