English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.58911
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2007:0401
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0401.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause Thunderbird to crash or potentially execute arbitrary code
as the user running Thunderbird. (CVE-2007-2867, CVE-2007-2868)

Several denial of service flaws were found in the way Thunderbird handled
certain form and cookie data. A malicious web site that is able to set
arbitrary form and cookie data could prevent Thunderbird from
functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Thunderbird processed certain APOP
authentication requests. By sending certain responses when Thunderbird
attempted to authenticate against an APOP server, a remote attacker could
potentially acquire certain portions of a user's authentication
credentials. (CVE-2007-1558)

A flaw was found in the way Thunderbird displayed certain web content. A
malicious web page could generate content which could overlay user
interface elements such as the hostname and security indicators, tricking
users into thinking they are visiting a different site. (CVE-2007-2871)

Users of Thunderbird are advised to apply this update, which contains
Thunderbird version 1.5.0.12 that corrects these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0401.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-1362
BugTraq ID: 22879
http://www.securityfocus.com/bid/22879
BugTraq ID: 24242
http://www.securityfocus.com/bid/24242
Bugtraq: 20070531 FLEA-2007-0023-1: firefox (Google Search)
http://www.securityfocus.com/archive/1/470172/100/200/threaded
Cert/CC Advisory: TA07-151A
http://www.us-cert.gov/cas/techalerts/TA07-151A.html
Debian Security Information: DSA-1300 (Google Search)
http://www.debian.org/security/2007/dsa-1300
Debian Security Information: DSA-1306 (Google Search)
http://www.debian.org/security/2007/dsa-1306
Debian Security Information: DSA-1308 (Google Search)
http://www.debian.org/security/2007/dsa-1308
http://security.gentoo.org/glsa/glsa-200706-06.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
http://www.mandriva.com/security/advisories?name=MDKSA-2007:126
http://www.osvdb.org/35139
http://osvdb.org/35140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10759
http://www.redhat.com/support/errata/RHSA-2007-0400.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://www.securitytracker.com/id?1018162
http://www.securitytracker.com/id?1018163
http://secunia.com/advisories/25476
http://secunia.com/advisories/25490
http://secunia.com/advisories/25533
http://secunia.com/advisories/25534
http://secunia.com/advisories/25559
http://secunia.com/advisories/25635
http://secunia.com/advisories/25647
http://secunia.com/advisories/25685
http://secunia.com/advisories/25750
http://secunia.com/advisories/25858
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
SuSE Security Announcement: SUSE-SA:2007:036 (Google Search)
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.ubuntu.com/usn/usn-468-1
http://www.vupen.com/english/advisories/2007/1994
XForce ISS Database: mozilla-doccookie-dos(34613)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34613
Common Vulnerability Exposure (CVE) ID: CVE-2007-1558
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
BugTraq ID: 23257
http://www.securityfocus.com/bid/23257
Bugtraq: 20070402 APOP vulnerability (Google Search)
http://www.securityfocus.com/archive/1/464477/30/0/threaded
Bugtraq: 20070403 Re: APOP vulnerability (Google Search)
http://www.securityfocus.com/archive/1/464569/100/0/threaded
Bugtraq: 20070615 rPSA-2007-0122-1 evolution-data-server (Google Search)
http://www.securityfocus.com/archive/1/471455/100/0/threaded
Bugtraq: 20070619 FLEA-2007-0026-1: evolution-data-server (Google Search)
http://www.securityfocus.com/archive/1/471720/100/0/threaded
Bugtraq: 20070620 FLEA-2007-0027-1: thunderbird (Google Search)
http://www.securityfocus.com/archive/1/471842/100/0/threaded
Debian Security Information: DSA-1305 (Google Search)
http://www.debian.org/security/2007/dsa-1305
HPdes Security Advisory: HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
HPdes Security Advisory: SSRT061236
http://www.mandriva.com/security/advisories?name=MDKSA-2007:105
http://www.mandriva.com/security/advisories?name=MDKSA-2007:107
http://www.mandriva.com/security/advisories?name=MDKSA-2007:113
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html
http://www.openwall.com/lists/oss-security/2009/08/15/1
http://www.openwall.com/lists/oss-security/2009/08/18/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782
http://www.redhat.com/support/errata/RHSA-2007-0344.html
http://www.redhat.com/support/errata/RHSA-2007-0353.html
http://www.redhat.com/support/errata/RHSA-2007-0385.html
http://www.redhat.com/support/errata/RHSA-2007-0386.html
http://www.redhat.com/support/errata/RHSA-2009-1140.html
http://www.securitytracker.com/id?1018008
http://secunia.com/advisories/25353
http://secunia.com/advisories/25402
http://secunia.com/advisories/25496
http://secunia.com/advisories/25529
http://secunia.com/advisories/25546
http://secunia.com/advisories/25664
http://secunia.com/advisories/25798
http://secunia.com/advisories/25894
http://secunia.com/advisories/26083
http://secunia.com/advisories/26415
http://secunia.com/advisories/35699
SGI Security Advisory: 20070602-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
SuSE Security Announcement: SUSE-SR:2007:014 (Google Search)
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://www.trustix.org/errata/2007/0019/
http://www.trustix.org/errata/2007/0024/
http://www.ubuntu.com/usn/usn-469-1
http://www.ubuntu.com/usn/usn-520-1
http://www.vupen.com/english/advisories/2007/1466
http://www.vupen.com/english/advisories/2007/1467
http://www.vupen.com/english/advisories/2007/1468
http://www.vupen.com/english/advisories/2007/1480
http://www.vupen.com/english/advisories/2007/1939
http://www.vupen.com/english/advisories/2007/2788
http://www.vupen.com/english/advisories/2008/0082
Common Vulnerability Exposure (CVE) ID: CVE-2007-2867
CERT/CC vulnerability note: VU#751636
http://www.kb.cert.org/vuls/id/751636
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
http://osvdb.org/35134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10066
http://www.securitytracker.com/id?1018151
http://www.securitytracker.com/id?1018153
http://secunia.com/advisories/24406
http://secunia.com/advisories/24456
http://secunia.com/advisories/25469
http://secunia.com/advisories/25488
http://secunia.com/advisories/25489
http://secunia.com/advisories/25491
http://secunia.com/advisories/25492
http://secunia.com/advisories/25644
http://secunia.com/advisories/27423
http://secunia.com/advisories/28363
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103136-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201532-1
http://www.vupen.com/english/advisories/2007/3664
XForce ISS Database: mozilla-layoutengine-dos(34604)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34604
Common Vulnerability Exposure (CVE) ID: CVE-2007-2868
1018151
1018152
http://www.securitytracker.com/id?1018152
1018153
103125
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103125-1
20070531 FLEA-2007-0023-1: firefox
20070620 FLEA-2007-0027-1: thunderbird
201505
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201505-1
24242
24406
24456
25469
25476
25488
25489
25490
25491
25492
25496
25533
25534
25559
25635
25644
25647
25664
25685
25750
25858
27427
http://secunia.com/advisories/27427
28363
35138
http://osvdb.org/35138
ADV-2007-1994
ADV-2007-3632
http://www.vupen.com/english/advisories/2007/3632
ADV-2008-0082
DSA-1300
DSA-1305
DSA-1306
DSA-1308
FEDORA-2007-308
FEDORA-2007-309
GLSA-200706-06
HPSBUX02153
HPSBUX02156
MDKSA-2007:119
MDKSA-2007:120
MDKSA-2007:131
RHSA-2007:0400
RHSA-2007:0401
RHSA-2007:0402
SSA:2007-066-04
SSA:2007-152-02
SSRT061181
SSRT061236
SUSE-SA:2007:036
TA07-151A
USN-468-1
USN-469-1
VU#609956
http://www.kb.cert.org/vuls/id/609956
http://www.mozilla.org/security/announce/2007/mfsa2007-12.html
https://issues.rpath.com/browse/RPL-1424
mozilla-javascripteng-code-execution(34605)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34605
oval:org.mitre.oval:def:10711
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10711
Common Vulnerability Exposure (CVE) ID: CVE-2007-2869
http://osvdb.org/35135
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11208
http://www.securitytracker.com/id?1018154
XForce ISS Database: firefox-autocomplete-dos(34612)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34612
Common Vulnerability Exposure (CVE) ID: CVE-2007-2871
http://osvdb.org/35137
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433
http://www.securitytracker.com/id?1018155
http://www.securitytracker.com/id?1018156
XForce ISS Database: mozilla-xulpopups-spoofing(34606)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34606
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.