Test ID:	1.3.6.1.4.1.25623.1.0.68287
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2010:0812
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2010:0812. Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model (DOM) element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3765) Note: JavaScript support is disabled by default in Thunderbird. The CVE-2010-3765 issue is not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0812.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3765 BugTraq ID: 44425 http://www.securityfocus.com/bid/44425 Debian Security Information: DSA-2124 (Google Search) http://www.debian.org/security/2010/dsa-2124 http://www.exploit-db.com/exploits/15341 http://www.exploit-db.com/exploits/15342 http://www.exploit-db.com/exploits/15352 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:213 http://www.mandriva.com/security/advisories?name=MDVSA-2010:219 http://isc.sans.edu/diary.html?storyid=9817 http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter http://www.norman.com/about_norman/press_center/news_archive/2010/129223/ http://www.norman.com/security_center/virus_description_archive/129146/ https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108 http://www.redhat.com/support/errata/RHSA-2010-0808.html http://www.redhat.com/support/errata/RHSA-2010-0809.html http://www.redhat.com/support/errata/RHSA-2010-0810.html RedHat Security Advisories: RHSA-2010:0812 https://rhn.redhat.com/errata/RHSA-2010-0812.html http://www.redhat.com/support/errata/RHSA-2010-0861.html http://www.redhat.com/support/errata/RHSA-2010-0896.html http://www.securitytracker.com/id?1024645 http://www.securitytracker.com/id?1024650 http://www.securitytracker.com/id?1024651 http://secunia.com/advisories/41761 http://secunia.com/advisories/41965 http://secunia.com/advisories/41966 http://secunia.com/advisories/41969 http://secunia.com/advisories/41975 http://secunia.com/advisories/42003 http://secunia.com/advisories/42008 http://secunia.com/advisories/42043 http://secunia.com/advisories/42867 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706 http://www.ubuntu.com/usn/usn-1011-1 http://www.ubuntu.com/usn/USN-1011-2 http://www.ubuntu.com/usn/USN-1011-3 http://www.vupen.com/english/advisories/2010/2837 http://www.vupen.com/english/advisories/2010/2857 http://www.vupen.com/english/advisories/2010/2864 http://www.vupen.com/english/advisories/2010/2871 http://www.vupen.com/english/advisories/2011/0061
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.