|
Test Kennung: | 1.3.6.1.4.1.25623.1.0.69068 |
Kategorie: | Mandrake Local Security Checks |
Titel: | Mandriva Security Advisory MDVSA-2011:042 (mozilla-thunderbird) |
Zusammenfassung: | Mandriva Security Advisory MDVSA-2011:042 (mozilla-thunderbird) |
Beschreibung: | Description: The remote host is missing an update to mozilla-thunderbird announced via advisory MDVSA-2011:042. Security issues were identified and fixed in mozilla-thunderbird: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-0053). Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image (CVE-2011-0061). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-0062). The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element (CVE-2010-1585). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 Additionally, some packages which require so, have been rebuilt and are being provided as updates. Affected: 2009.0, 2010.0, 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:042 http://www.mozillamessaging.com/en-US/thunderbird/3.1.9/releasenotes/ Risk factor : Critical CVSS Score: 10.0 |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-0053 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 http://www.redhat.com/support/errata/RHSA-2011-0312.html http://www.redhat.com/support/errata/RHSA-2011-0313.html BugTraq ID: 46645 http://www.securityfocus.com/bid/46645 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14379 Common Vulnerability Exposure (CVE) ID: CVE-2011-0061 http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 BugTraq ID: 46651 http://www.securityfocus.com/bid/46651 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14486 Common Vulnerability Exposure (CVE) ID: CVE-2011-0062 BugTraq ID: 46647 http://www.securityfocus.com/bid/46647 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14409 Common Vulnerability Exposure (CVE) ID: CVE-2010-1585 Bugtraq: 20100421 Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox & Exploiting Cross Context Scripting vulnerabilities in Firefox (Google Search) http://www.securityfocus.com/archive/1/archive/1/510883/100/0/threaded http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/ http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12532 |
Copyright | Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com |
Dies ist nur einer von 58962 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |
|