English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.56623
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2006:0330
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory RHSA-2006:0330.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several bugs were found in the way Thunderbird processes malformed
javascript. A malicious HTML mail message could modify the content of a
different open HTML mail message, possibly stealing sensitive information
or conducting a cross-site scripting attack. Please note that JavaScript
support is disabled by default in Thunderbird. (CVE-2006-1731,
CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Thunderbird processes certain
javascript actions. A malicious HTML mail message could execute arbitrary
javascript instructions with the permissions of 'chrome', allowing the
page to steal sensitive information or install browser malware. Please
note that JavaScript support is disabled by default in Thunderbird.
(CVE-2006-0292, CVE-2006-0296, CVE-2006-1727, CVE-2006-1728, CVE-2006-1733,
CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Thunderbird processes malformed HTML
mail messages. A carefully crafted malicious HTML mail message could
cause the execution of arbitrary code as the user running Thunderbird.
(CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738,
CVE-2006-1739, CVE-2006-1790)

A bug was found in the way Thunderbird processes certain inline content
in HTML mail messages. It may be possible for a remote attacker to send a
carefully crafted mail message to the victim, which will fetch remote
content, even if Thunderbird is configured not to fetch remote content.
(CVE-2006-1045)

Users of Thunderbird are advised to upgrade to this updated package
containing Thunderbird version 1.0.8, which is not vulnerable to these
issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0330.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-0292
1015570
http://securitytracker.com/id?1015570
102550
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
16476
http://www.securityfocus.com/bid/16476
18700
http://secunia.com/advisories/18700
18703
http://secunia.com/advisories/18703
18704
http://secunia.com/advisories/18704
18705
http://secunia.com/advisories/18705
18706
http://secunia.com/advisories/18706
18708
http://secunia.com/advisories/18708
18709
http://secunia.com/advisories/18709
19230
http://secunia.com/advisories/19230
19746
http://secunia.com/advisories/19746
19759
http://secunia.com/advisories/19759
19780
http://secunia.com/advisories/19780
19821
http://secunia.com/advisories/19821
19823
http://secunia.com/advisories/19823
19852
http://secunia.com/advisories/19852
19862
http://secunia.com/advisories/19862
19863
http://secunia.com/advisories/19863
19902
http://secunia.com/advisories/19902
19941
http://secunia.com/advisories/19941
19950
http://secunia.com/advisories/19950
20051
http://secunia.com/advisories/20051
20060201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
21033
http://secunia.com/advisories/21033
21622
http://secunia.com/advisories/21622
22065
http://secunia.com/advisories/22065
228526
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
ADV-2006-0413
http://www.vupen.com/english/advisories/2006/0413
ADV-2006-3391
http://www.vupen.com/english/advisories/2006/3391
ADV-2006-3749
http://www.vupen.com/english/advisories/2006/3749
DSA-1044
http://www.debian.org/security/2006/dsa-1044
DSA-1046
http://www.debian.org/security/2006/dsa-1046
DSA-1051
http://www.debian.org/security/2006/dsa-1051
FEDORA-2006-075
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html
FEDORA-2006-076
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html
FLSA-2006:180036-2
http://www.securityfocus.com/archive/1/425978/100/0/threaded
FLSA:180036-1
http://www.securityfocus.com/archive/1/425975/100/0/threaded
GLSA-200604-12
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
GLSA-200604-18
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
GLSA-200605-09
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
HPSBUX02122
http://www.securityfocus.com/archive/1/438730/100/0/threaded
HPSBUX02156
http://www.securityfocus.com/archive/1/446657/100/200/threaded
MDKSA-2006:036
http://www.mandriva.com/security/advisories?name=MDKSA-2006:036
MDKSA-2006:037
http://www.mandriva.com/security/advisories?name=MDKSA-2006:037
MDKSA-2006:078
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
RHSA-2006:0199
http://www.redhat.com/support/errata/RHSA-2006-0199.html
RHSA-2006:0200
http://www.redhat.com/support/errata/RHSA-2006-0200.html
RHSA-2006:0330
http://www.redhat.com/support/errata/RHSA-2006-0330.html
SCOSA-2006.26
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
SSRT061158
SSRT061236
SUSE-SA:2006:022
http://www.novell.com/linux/security/advisories/2006_04_25.html
USN-271-1
https://usn.ubuntu.com/271-1/
USN-275-1
https://usn.ubuntu.com/275-1/
USN-276-1
https://usn.ubuntu.com/276-1/
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.mozilla.org/security/announce/2006/mfsa2006-01.html
https://bugzilla.mozilla.org/show_bug.cgi?id=316885
mozilla-javascript-memory-corruption(24430)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24430
oval:org.mitre.oval:def:10016
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016
oval:org.mitre.oval:def:670
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670
Common Vulnerability Exposure (CVE) ID: CVE-2006-0296
TA06-038A
http://www.us-cert.gov/cas/techalerts/TA06-038A.html
VU#592425
http://www.kb.cert.org/vuls/id/592425
http://www.mozilla.org/security/announce/2006/mfsa2006-05.html
https://bugzilla.mozilla.org/show_bug.cgi?id=319847
mozilla-xuldocument-command-execution(24434)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24434
oval:org.mitre.oval:def:11803
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11803
oval:org.mitre.oval:def:1493
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1493
Common Vulnerability Exposure (CVE) ID: CVE-2006-0749
BugTraq ID: 17516
http://www.securityfocus.com/bid/17516
Bugtraq: 20060417 ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/431126/100/0/threaded
Cert/CC Advisory: TA06-107A
http://www.us-cert.gov/cas/techalerts/TA06-107A.html
CERT/CC vulnerability note: VU#736934
http://www.kb.cert.org/vuls/id/736934
Debian Security Information: DSA-1044 (Google Search)
Debian Security Information: DSA-1046 (Google Search)
Debian Security Information: DSA-1051 (Google Search)
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
http://www.securityfocus.com/archive/1/436296/100/0/threaded
http://www.securityfocus.com/archive/1/436338/100/0/threaded
HPdes Security Advisory: HPSBTU02118
http://www.securityfocus.com/archive/1/434524/100/0/threaded
HPdes Security Advisory: HPSBUX02122
HPdes Security Advisory: SSRT061145
HPdes Security Advisory: SSRT061158
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
http://www.zerodayinitiative.com/advisories/ZDI-06-009.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11704
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1848
http://www.redhat.com/support/errata/RHSA-2006-0328.html
http://www.redhat.com/support/errata/RHSA-2006-0329.html
SCO Security Bulletin: SCOSA-2006.26
http://secunia.com/advisories/19631
http://secunia.com/advisories/19696
http://secunia.com/advisories/19714
http://secunia.com/advisories/19721
http://secunia.com/advisories/19729
http://secunia.com/advisories/19794
http://secunia.com/advisories/19811
SGI Security Advisory: 20060404-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
http://securityreason.com/securityalert/729
SuSE Security Announcement: SUSE-SA:2006:021 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
SuSE Security Announcement: SUSE-SA:2006:022 (Google Search)
http://www.vupen.com/english/advisories/2006/1356
XForce ISS Database: mozilla-nshtmlcontentsink-memory-corruption(25819)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25819
Common Vulnerability Exposure (CVE) ID: CVE-2006-1045
BugTraq ID: 16881
http://www.securityfocus.com/bid/16881
Bugtraq: 20060228 Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/426347
HPdes Security Advisory: HPSBUX02156
HPdes Security Advisory: SSRT061236
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975
http://securityreason.com/securityalert/514
XForce ISS Database: thunderbird-inline-information-disclosure(24959)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24959
Common Vulnerability Exposure (CVE) ID: CVE-2006-1724
1015919
http://securitytracker.com/id?1015919
1015920
http://securitytracker.com/id?1015920
1015921
http://securitytracker.com/id?1015921
17516
19631
19649
http://secunia.com/advisories/19649
19696
19714
22066
http://secunia.com/advisories/22066
ADV-2006-1356
ADV-2006-3748
http://www.vupen.com/english/advisories/2006/3748
ADV-2008-0083
http://www.vupen.com/english/advisories/2008/0083
FEDORA-2006-410
FEDORA-2006-411
FLSA:189137-2
HPSBTU02118
HPSBUX02153
http://www.securityfocus.com/archive/1/446658/100/200/threaded
RHSA-2006:0328
SSRT061145
SSRT061181
TA06-107A
VU#350262
http://www.kb.cert.org/vuls/id/350262
http://www.mozilla.org/security/announce/2006/mfsa2006-20.html
https://bugzilla.mozilla.org/show_bug.cgi?id=282105
oval:org.mitre.oval:def:10243
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10243
oval:org.mitre.oval:def:1901
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1901
Common Vulnerability Exposure (CVE) ID: CVE-2006-1727
1015926
http://securitytracker.com/id?1015926
1015927
http://securitytracker.com/id?1015927
1015928
http://securitytracker.com/id?1015928
1015929
http://securitytracker.com/id?1015929
19721
19729
19811
20060404-01-U
FLSA:189137-1
MDKSA-2006:076
RHSA-2006:0329
SUSE-SA:2006:021
http://www.mozilla.org/security/announce/2006/mfsa2006-25.html
mozilla-printpreview-privilege-escalation(25824)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25824
oval:org.mitre.oval:def:10364
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10364
oval:org.mitre.oval:def:1649
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1649
Common Vulnerability Exposure (CVE) ID: CVE-2006-1728
1015922
http://securitytracker.com/id?1015922
1015923
http://securitytracker.com/id?1015923
1015924
http://securitytracker.com/id?1015924
1015925
http://securitytracker.com/id?1015925
102763
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
19794
ADV-2007-0058
http://www.vupen.com/english/advisories/2007/0058
MDKSA-2006:075
VU#932734
http://www.kb.cert.org/vuls/id/932734
http://www.mozilla.org/security/announce/2006/mfsa2006-24.html
mozilla-generatecrmfrequest-code-execution(25812)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25812
oval:org.mitre.oval:def:10508
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10508
oval:org.mitre.oval:def:1698
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1698
Common Vulnerability Exposure (CVE) ID: CVE-2006-1730
1015915
http://securitytracker.com/id?1015915
1015916
http://securitytracker.com/id?1015916
1015917
http://securitytracker.com/id?1015917
1015918
http://securitytracker.com/id?1015918
20060415 ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability
http://www.securityfocus.com/archive/1/431060/100/0/threaded
720
http://securityreason.com/securityalert/720
VU#179014
http://www.kb.cert.org/vuls/id/179014
http://www.mozilla.org/security/announce/2006/mfsa2006-22.html
http://www.zerodayinitiative.com/advisories/ZDI-06-010.html
mozilla-css-letterspacing-overflow(25826)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25826
oval:org.mitre.oval:def:10055
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10055
oval:org.mitre.oval:def:1614
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1614
Common Vulnerability Exposure (CVE) ID: CVE-2006-1731
http://www.mozilla.org/security/announce/2006/mfsa2006-19.html
mozilla-valueof-xss(25820)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25820
oval:org.mitre.oval:def:1955
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1955
oval:org.mitre.oval:def:9604
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9604
Common Vulnerability Exposure (CVE) ID: CVE-2006-1732
http://www.mozilla.org/security/announce/2006/mfsa2006-17.html
https://bugzilla.mozilla.org/show_bug.cgi?id=313373
mozilla-windows-controllers-xss(25818)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25818
oval:org.mitre.oval:def:10232
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10232
oval:org.mitre.oval:def:1887
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1887
Common Vulnerability Exposure (CVE) ID: CVE-2006-1733
VU#488774
http://www.kb.cert.org/vuls/id/488774
http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
mozilla-valueof-code-execution(25817)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25817
oval:org.mitre.oval:def:10815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815
oval:org.mitre.oval:def:2020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020
Common Vulnerability Exposure (CVE) ID: CVE-2006-1734
VU#842094
http://www.kb.cert.org/vuls/id/842094
http://www.mozilla.org/security/announce/2006/mfsa2006-15.html
mozilla-cloneparent-code-execution(25816)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25816
oval:org.mitre.oval:def:10755
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10755
oval:org.mitre.oval:def:1247
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1247
Common Vulnerability Exposure (CVE) ID: CVE-2006-1735
VU#813230
http://www.kb.cert.org/vuls/id/813230
http://www.mozilla.org/security/announce/2006/mfsa2006-14.html
mozilla-xbl-code-execution(25815)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25815
oval:org.mitre.oval:def:1037
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1037
oval:org.mitre.oval:def:10930
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10930
Common Vulnerability Exposure (CVE) ID: CVE-2006-1737
VU#329500
http://www.kb.cert.org/vuls/id/329500
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
mozilla-javascript-regexpr-memory-corruption(25808)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25808
oval:org.mitre.oval:def:10817
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10817
oval:org.mitre.oval:def:1829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1829
Common Vulnerability Exposure (CVE) ID: CVE-2006-1738
VU#252324
http://www.kb.cert.org/vuls/id/252324
mozilla-mozgrid-memory-corruption(25811)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25811
oval:org.mitre.oval:def:1687
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1687
oval:org.mitre.oval:def:9405
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9405
Common Vulnerability Exposure (CVE) ID: CVE-2006-1739
VU#935556
http://www.kb.cert.org/vuls/id/935556
https://bugzilla.mozilla.org/show_bug.cgi?id=265736
mozilla-css-memory-corruption(25810)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25810
oval:org.mitre.oval:def:1667
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1667
oval:org.mitre.oval:def:9817
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9817
Common Vulnerability Exposure (CVE) ID: CVE-2006-1741
http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
mozilla-eventhandler-xss(25806)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25806
oval:org.mitre.oval:def:1855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1855
oval:org.mitre.oval:def:9167
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9167
Common Vulnerability Exposure (CVE) ID: CVE-2006-1742
VU#492382
http://www.kb.cert.org/vuls/id/492382
http://www.mozilla.org/security/announce/2006/mfsa2006-10.html
mozilla-garbage-memory-corruption(25807)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25807
oval:org.mitre.oval:def:1087
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1087
oval:org.mitre.oval:def:11808
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11808
Common Vulnerability Exposure (CVE) ID: CVE-2006-1790
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11202
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1266
XForce ISS Database: mozilla-installtrigger-memory-corruption(25809)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25809
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.