Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:042 (mozilla-thunderbird)

Preis/Funktionszusammenfassung | Bestellen | Neue Anfälligkeiten | Vertraulichkeit | Anfälligkeiten Suche

Anfälligkeitssuche		Suche in 94899 CVE Beschreibungen und 51984 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.69068

Kategorie: Mandrake Local Security Checks

Titel: Mandriva Security Advisory MDVSA-2011:042 (mozilla-thunderbird)

Zusammenfassung: Mandriva Security Advisory MDVSA-2011:042 (mozilla-thunderbird)

Beschreibung: Description:
The remote host is missing an update to mozilla-thunderbird
announced via advisory MDVSA-2011:042.

Security issues were identified and fixed in mozilla-thunderbird:

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before
3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause
a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors (CVE-2011-0053).

Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird
before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers
to execute arbitrary code or cause a denial of service (application
crash) via a crafted JPEG image (CVE-2011-0061).

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow
remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors (CVE-2011-0062).

The nsIScriptableUnescapeHTML.parseFragment method in the
ParanoidFragmentSink protection mechanism in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey
before 2.0.12 does not properly sanitize HTML in a chrome document,
which makes it easier for remote attackers to execute arbitrary
JavaScript with chrome privileges via a javascript: URI in input to
an extension, as demonstrated by a javascript:alert sequence in (1)
the HREF attribute of an A element or (2) the ACTION attribute of a
FORM element (CVE-2010-1585).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

Affected: 2009.0, 2010.0, 2010.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:042
http://www.mozillamessaging.com/en-US/thunderbird/3.1.9/releasenotes/

Risk factor : Critical

CVSS Score:
10.0

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-0053
http://www.mandriva.com/security/advisories?name=MDVSA-2011:042
http://www.redhat.com/support/errata/RHSA-2011-0312.html
http://www.redhat.com/support/errata/RHSA-2011-0313.html
BugTraq ID: 46645
http://www.securityfocus.com/bid/46645
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14379
Common Vulnerability Exposure (CVE) ID: CVE-2011-0061
http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
BugTraq ID: 46651
http://www.securityfocus.com/bid/46651
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14486
Common Vulnerability Exposure (CVE) ID: CVE-2011-0062
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14409
Common Vulnerability Exposure (CVE) ID: CVE-2010-1585
Bugtraq: 20100421 Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox & Exploiting Cross Context Scripting vulnerabilities in Firefox (Google Search)
http://www.securityfocus.com/archive/1/archive/1/510883/100/0/threaded
http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/
http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12532

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 51984 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:

Benutzerkennung:

Passwort:

Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.

Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.

Datenschutz

Anmeldung für registrierte Benutzer

Benutzerkennung:

Passwort:

Benutzerkennung oder Passwort vergessen?

Email/Benutzerkennung:

Test Kennung:	1.3.6.1.4.1.25623.1.0.69068
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2011:042 (mozilla-thunderbird)
Zusammenfassung:	Mandriva Security Advisory MDVSA-2011:042 (mozilla-thunderbird)
Beschreibung:	Description: The remote host is missing an update to mozilla-thunderbird announced via advisory MDVSA-2011:042. Security issues were identified and fixed in mozilla-thunderbird: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-0053). Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image (CVE-2011-0061). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-0062). The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element (CVE-2010-1585). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 Additionally, some packages which require so, have been rebuilt and are being provided as updates. Affected: 2009.0, 2010.0, 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:042 http://www.mozillamessaging.com/en-US/thunderbird/3.1.9/releasenotes/ Risk factor : Critical CVSS Score: 10.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0053 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 http://www.redhat.com/support/errata/RHSA-2011-0312.html http://www.redhat.com/support/errata/RHSA-2011-0313.html BugTraq ID: 46645 http://www.securityfocus.com/bid/46645 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14379 Common Vulnerability Exposure (CVE) ID: CVE-2011-0061 http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 BugTraq ID: 46651 http://www.securityfocus.com/bid/46651 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14486 Common Vulnerability Exposure (CVE) ID: CVE-2011-0062 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14409 Common Vulnerability Exposure (CVE) ID: CVE-2010-1585 Bugtraq: 20100421 Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox & Exploiting Cross Context Scripting vulnerabilities in Firefox (Google Search) http://www.securityfocus.com/archive/1/archive/1/510883/100/0/threaded http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/ http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12532
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com