English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 131944 CVE Beschreibungen
und 69071 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.68192
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu USN-958-1 (thunderbird)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to thunderbird
announced via advisory USN-958-1.

Details follow:

Several flaws were discovered in the browser engine of Thunderbird. If a
user were tricked into viewing malicious content, a remote attacker could
use this to crash Thunderbird or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1211, CVE-2010-1212)

An integer overflow was discovered in how Thunderbird processed CSS values.
An attacker could exploit this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-2752)

An integer overflow was discovered in how Thunderbird interpreted the XUL
element. If a user were tricked into viewing malicious content, a remote
attacker could use this to crash Thunderbird or possibly run arbitrary code
as the user invoking the program. (CVE-2010-2753)

Aki Helin discovered that libpng did not properly handle certain malformed
PNG images. If a user were tricked into opening a crafted PNG file, an
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-1205)

Yosuke Hasegawa discovered that the same-origin check in Thunderbird could
be bypassed by utilizing the importScripts Web Worker method. If a user
were tricked into viewing malicious content, an attacker could exploit this
to read data from other domains. (CVE-2010-1213)

Chris Evans discovered that Thunderbird did not properly process improper
CSS selectors. If a user were tricked into viewing malicious content, an
attacker could exploit this to read data from other domains.
(CVE-2010-0654)

Soroush Dalili discovered that Thunderbird did not properly handle script
error output. An attacker could use this to access URL parameters from
other domains. (CVE-2010-2754)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
thunderbird 3.0.6+build2+nobinonly-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-958-1

Risk factor : Critical

CVSS Score:
9.3

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-0654
http://code.google.com/p/chromium/issues/detail?id=9877
http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html
http://websec.sv.cmu.edu/css/css.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11811
Common Vulnerability Exposure (CVE) ID: CVE-2010-1205
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Debian Security Information: DSA-2072 (Google Search)
http://www.debian.org/security/2010/dsa-2072
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:133
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061
SuSE Security Announcement: SUSE-SR:2010:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://www.ubuntu.com/usn/USN-960-1
BugTraq ID: 41174
http://www.securityfocus.com/bid/41174
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851
http://secunia.com/advisories/40302
http://secunia.com/advisories/40472
http://secunia.com/advisories/40547
http://secunia.com/advisories/41574
http://secunia.com/advisories/42317
http://secunia.com/advisories/42314
http://secunia.com/advisories/40336
http://www.vupen.com/english/advisories/2010/1612
http://www.vupen.com/english/advisories/2010/1755
http://www.vupen.com/english/advisories/2010/1837
http://www.vupen.com/english/advisories/2010/1846
http://www.vupen.com/english/advisories/2010/1877
http://www.vupen.com/english/advisories/2010/2491
http://www.vupen.com/english/advisories/2010/3045
http://www.vupen.com/english/advisories/2010/3046
http://www.vupen.com/english/advisories/2010/1637
XForce ISS Database: libpng-rowdata-bo(59815)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59815
Common Vulnerability Exposure (CVE) ID: CVE-2010-1211
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11552
Common Vulnerability Exposure (CVE) ID: CVE-2010-1212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11771
Common Vulnerability Exposure (CVE) ID: CVE-2010-1213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11835
Common Vulnerability Exposure (CVE) ID: CVE-2010-2752
Bugtraq: 20100721 ZDI-10-133: Mozilla Firefox CSS font-face Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/512514
http://www.zerodayinitiative.com/advisories/ZDI-10-133/
BugTraq ID: 41852
http://www.securityfocus.com/bid/41852
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11680
Common Vulnerability Exposure (CVE) ID: CVE-2010-2753
Bugtraq: 20100721 ZDI-10-131: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/512510
http://www.zerodayinitiative.com/advisories/ZDI-10-131/
SuSE Security Announcement: SUSE-SA:2010:049 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
BugTraq ID: 41853
http://www.securityfocus.com/bid/41853
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958
Common Vulnerability Exposure (CVE) ID: CVE-2010-2754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11770
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 69071 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Developer APIs | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2018 E-Soft Inc. Alle Rechte vorbehalten.