English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 75096 CVE Beschreibungen
und 39644 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.800638
Kategorie:General
Titel:Mozilla Thunderbird Multiple Vulnerability Jun-09 (Win)
Zusammenfassung:Check for the version of Thunderbird
Beschreibung:

Overview: The host is installed with Thunderbird, which is prone to multiple
vulnerabilities.

Vulnerability Insight:
- Error in js/src/xpconnect/src/xpcwrappedjsclass.cpp file will allow attacker
to execute arbitrary web script.
- An error when handling a non-200 response returned by a proxy in reply to a
CONNECT request, which could cause the body of the response to be rendered
within the context of the request 'Host:' header.
- An error when handling event listeners attached to an element whose owner
document is null.
- Due to content-loading policies not being checked before loading external
script files into XUL documents, which could be exploited to bypass
restrictions.
- An error when handling event listeners attached to an element whose owner
document is null.
- Error exists in JavaScript engine is caused via vectors related to
js_LeaveSharpObject, ParseXMLSource, and a certain assertion in jsinterp.c.
- Error exists via vectors involving 'double frame construction.'

Impact:
Successful exploitation could result in remote arbitrary JavaScript code
execution, spoofing attacks, sensitive information disclosure, and can cause
denial of service.

Impact Level: System/Application

Affected Software/OS:
Thunderbire version prior to 2.0.0.22 on Windows.

Fix: Upgrade to Firefox version 2.0.0.22
http://www.mozilla.com/en-US/thunderbird/all.html

References:
http://www.vupen.com/english/advisories/2009/1572
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
http://www.mozilla.org/security/announce/2009/mfsa2009-32.html
Querverweis: BugTraq ID: 35326
Common Vulnerability Exposure (CVE) ID: CVE-2009-1832
Debian Security Information: DSA-1820 (Google Search)
http://www.debian.org/security/2009/dsa-1820
Debian Security Information: DSA-1830 (Google Search)
http://www.debian.org/security/2009/dsa-1830
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
RedHat Security Advisories: RHSA-2009:1095
https://rhn.redhat.com/errata/RHSA-2009-1095.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1
http://www.securityfocus.com/bid/35326
BugTraq ID: 35371
http://www.securityfocus.com/bid/35371
http://osvdb.org/55148
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10237
http://securitytracker.com/id?1022376
http://www.securitytracker.com/id?1022397
http://secunia.com/advisories/35331
http://secunia.com/advisories/35431
http://secunia.com/advisories/35439
http://secunia.com/advisories/35440
http://secunia.com/advisories/35468
http://secunia.com/advisories/35415
http://secunia.com/advisories/35561
http://secunia.com/advisories/35602
http://secunia.com/advisories/35882
http://www.vupen.com/english/advisories/2009/1572
http://www.vupen.com/english/advisories/2009/2152
Common Vulnerability Exposure (CVE) ID: CVE-2009-1833
RedHat Security Advisories: RHSA-2009:1096
http://rhn.redhat.com/errata/RHSA-2009-1096.html
http://www.redhat.com/support/errata/RHSA-2009-1125.html
http://www.redhat.com/support/errata/RHSA-2009-1126.html
http://www.ubuntu.com/usn/usn-782-1
BugTraq ID: 35372
http://www.securityfocus.com/bid/35372
http://osvdb.org/55152
http://osvdb.org/55153
http://osvdb.org/55154
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11487
http://secunia.com/advisories/35428
http://secunia.com/advisories/35536
Common Vulnerability Exposure (CVE) ID: CVE-2009-1836
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
BugTraq ID: 35380
http://www.securityfocus.com/bid/35380
http://osvdb.org/55160
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11764
http://www.securitytracker.com/id?1022396
Common Vulnerability Exposure (CVE) ID: CVE-2009-1838
BugTraq ID: 35383
http://www.securityfocus.com/bid/35383
http://osvdb.org/55157
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11080
Common Vulnerability Exposure (CVE) ID: CVE-2009-1840
http://osvdb.org/55158
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9448
http://www.securitytracker.com/id?1022379
XForce ISS Database: firefox-xul-security-bypass(51076)
http://xforce.iss.net/xforce/xfdb/51076
Common Vulnerability Exposure (CVE) ID: CVE-2009-1841
BugTraq ID: 35373
http://www.securityfocus.com/bid/35373
http://osvdb.org/55159
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9815
Common Vulnerability Exposure (CVE) ID: CVE-2009-1392
BugTraq ID: 35370
http://www.securityfocus.com/bid/35370
http://osvdb.org/55144
http://osvdb.org/55145
http://osvdb.org/55146
http://osvdb.org/55147
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9501
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 39644 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.