English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 131944 CVE Beschreibungen
und 69071 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.67131
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu USN-915-1 (thunderbird)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to thunderbird
announced via advisory USN-915-1.

Details follow:

Several flaws were discovered in the JavaScript engine of Thunderbird. If a
user had JavaScript enabled and were tricked into viewing malicious web
content, a remote attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-0689, CVE-2009-2463, CVE-2009-3075)

Josh Soref discovered that the BinHex decoder used in Thunderbird contained
a flaw. If a user were tricked into viewing malicious content, a remote
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2009-3072)

It was discovered that Thunderbird did not properly manage memory when
using XUL tree elements. If a user were tricked into viewing malicious
content, a remote attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-3077)

Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly
display filenames containing right-to-left (RTL) override characters. If a
user were tricked into opening a malicious file with a crafted filename, an
attacker could exploit this to trick the user into opening a different file
than the user expected. (CVE-2009-3376)

Takehiro Takahashi discovered flaws in the NTLM implementation in
Thunderbird. If an NTLM authenticated user opened content containing links
to a malicious website, a remote attacker could send requests to other
applications, authenticated as the user. (CVE-2009-3983)

Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain
messages with attachments. A remote attacker could send specially crafted
content and cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-0163)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
thunderbird 2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10:
thunderbird 2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1

Ubuntu 9.04:
thunderbird 2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1

Ubuntu 9.10:
thunderbird 2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1

After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-915-1

Risk factor : Critical

CVSS Score:
10.0

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-0689
http://securityreason.com/achievement_securityalert/63
http://securityreason.com/achievement_securityalert/72
http://securityreason.com/achievement_securityalert/73
http://securityreason.com/achievement_securityalert/71
http://securityreason.com/achievement_securityalert/77
http://securityreason.com/achievement_securityalert/78
http://securityreason.com/achievement_securityalert/69
http://securityreason.com/achievement_securityalert/76
http://securityreason.com/achievement_securityalert/75
http://securityreason.com/achievement_securityalert/81
Bugtraq: 20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/507977/100/0/threaded
Bugtraq: 20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/507979/100/0/threaded
Bugtraq: 20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/508423/100/0/threaded
Bugtraq: 20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/508417/100/0/threaded
http://secunia.com/secunia_research/2009-35/
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
http://www.redhat.com/support/errata/RHSA-2009-1601.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
RedHat Security Advisories: RHSA-2014:0311
http://rhn.redhat.com/errata/RHSA-2014-0311.html
RedHat Security Advisories: RHSA-2014:0312
http://rhn.redhat.com/errata/RHSA-2014-0312.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
SuSE Security Announcement: SUSE-SR:2009:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://www.ubuntu.com/usn/USN-915-1
BugTraq ID: 35510
http://www.securityfocus.com/bid/35510
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541
http://securitytracker.com/id?1022478
http://secunia.com/advisories/37431
http://secunia.com/advisories/37682
http://secunia.com/advisories/37683
http://secunia.com/advisories/38066
http://secunia.com/advisories/39001
http://secunia.com/advisories/38977
http://www.vupen.com/english/advisories/2009/3297
http://www.vupen.com/english/advisories/2009/3299
http://www.vupen.com/english/advisories/2009/3334
http://www.vupen.com/english/advisories/2010/0094
http://www.vupen.com/english/advisories/2010/0648
http://www.vupen.com/english/advisories/2010/0650
Common Vulnerability Exposure (CVE) ID: CVE-2009-2463
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html
RedHat Security Advisories: RHSA-2009:1162
http://rhn.redhat.com/errata/RHSA-2009-1162.html
RedHat Security Advisories: RHSA-2009:1163
http://rhn.redhat.com/errata/RHSA-2009-1163.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1
SuSE Security Announcement: SUSE-SA:2009:042 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html
SuSE Security Announcement: SUSE-SA:2009:039 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html
BugTraq ID: 35758
http://www.securityfocus.com/bid/35758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10369
http://secunia.com/advisories/35914
http://secunia.com/advisories/35943
http://secunia.com/advisories/35944
http://secunia.com/advisories/35947
http://secunia.com/advisories/36145
http://secunia.com/advisories/36005
http://www.vupen.com/english/advisories/2009/1972
http://www.vupen.com/english/advisories/2009/2152
Common Vulnerability Exposure (CVE) ID: CVE-2009-3072
Debian Security Information: DSA-1885 (Google Search)
http://www.debian.org/security/2009/dsa-1885
http://www.redhat.com/support/errata/RHSA-2009-1430.html
http://www.redhat.com/support/errata/RHSA-2009-1431.html
http://www.redhat.com/support/errata/RHSA-2009-1432.html
SuSE Security Announcement: SUSE-SA:2009:048 (Google Search)
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
BugTraq ID: 36343
http://www.securityfocus.com/bid/36343
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10349
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6315
http://secunia.com/advisories/36671
http://secunia.com/advisories/37098
http://secunia.com/advisories/36669
http://secunia.com/advisories/36670
http://secunia.com/advisories/36692
Common Vulnerability Exposure (CVE) ID: CVE-2009-3075
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11365
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5717
XForce ISS Database: mozilla-javascript-engine-code-exec(53158)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53158
Common Vulnerability Exposure (CVE) ID: CVE-2009-3077
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10730
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5606
Common Vulnerability Exposure (CVE) ID: CVE-2009-3376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11218
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6541
Common Vulnerability Exposure (CVE) ID: CVE-2009-3983
Debian Security Information: DSA-1956 (Google Search)
http://www.debian.org/security/2009/dsa-1956
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html
RedHat Security Advisories: RHSA-2009:1673
https://rhn.redhat.com/errata/RHSA-2009-1673.html
RedHat Security Advisories: RHSA-2009:1674
https://rhn.redhat.com/errata/RHSA-2009-1674.html
SuSE Security Announcement: SUSE-SA:2009:063 (Google Search)
http://www.novell.com/linux/security/advisories/2009_63_firefox.html
http://www.ubuntu.com/usn/USN-873-1
http://www.ubuntu.com/usn/USN-874-1
BugTraq ID: 37349
http://www.securityfocus.com/bid/37349
BugTraq ID: 37366
http://www.securityfocus.com/bid/37366
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8240
http://securitytracker.com/id?1023340
http://securitytracker.com/id?1023341
http://secunia.com/advisories/37699
http://secunia.com/advisories/37703
http://secunia.com/advisories/37704
http://secunia.com/advisories/37785
http://secunia.com/advisories/37813
http://secunia.com/advisories/37856
http://secunia.com/advisories/37881
http://www.vupen.com/english/advisories/2009/3547
XForce ISS Database: firefox-ntlm-reflection(54807)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54807
Common Vulnerability Exposure (CVE) ID: CVE-2010-0163
http://www.redhat.com/support/errata/RHSA-2010-0499.html
BugTraq ID: 38831
http://www.securityfocus.com/bid/38831
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10805
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14259
http://www.vupen.com/english/advisories/2010/1556
XForce ISS Database: thunderbird-messages-dos(56993)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56993
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 69071 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Developer APIs | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2018 E-Soft Inc. Alle Rechte vorbehalten.