ID de Prueba:	1.3.6.1.4.1.25623.1.0.52364
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: thunderbird
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: thunderbird de-linux-mozillafirebird el-linux-mozillafirebird firefox ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird de-netscape7 fr-netscape7 ja-netscape7 netscape7 pt_BR-netscape7 mozilla-gtk1 linux-mozilla linux-mozilla-devel mozilla de-linux-netscape fr-linux-netscape ja-linux-netscape linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix CVE-2004-0905 Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possible execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. CVE-2004-0908 Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins. CVE-2004-0909 Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0905 BugTraq ID: 11177 http://www.securityfocus.com/bid/11177 Cert/CC Advisory: TA04-261A http://www.us-cert.gov/cas/techalerts/TA04-261A.html CERT/CC vulnerability note: VU#651928 http://www.kb.cert.org/vuls/id/651928 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://security.gentoo.org/glsa/glsa-200409-26.xml HPdes Security Advisory: SSRT4826 http://marc.info/?l=bugtraq&m=109698896104418&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378 SuSE Security Announcement: SUSE-SA:2004:036 (Google Search) http://www.novell.com/linux/security/advisories/2004_36_mozilla.html XForce ISS Database: mozilla-netscape-sameorigin-bypass(17374) https://exchange.xforce.ibmcloud.com/vulnerabilities/17374 Common Vulnerability Exposure (CVE) ID: CVE-2004-0908 BugTraq ID: 11179 http://www.securityfocus.com/bid/11179 CERT/CC vulnerability note: VU#460528 http://www.kb.cert.org/vuls/id/460528 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745 http://secunia.com/advisories/12526 XForce ISS Database: mozilla-shortcut-clipboard-access(17376) https://exchange.xforce.ibmcloud.com/vulnerabilities/17376 Common Vulnerability Exposure (CVE) ID: CVE-2004-0909 CERT/CC vulnerability note: VU#113192 http://www.kb.cert.org/vuls/id/113192 XForce ISS Database: mozilla-enableprivilege-modify-dialog(17377) https://exchange.xforce.ibmcloud.com/vulnerabilities/17377
Copyright	Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.