Red Hat Local Security Checks : RedHat Security Advisory RHSA-2011:1343

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.70302

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2011:1343

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2011:1343.

Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled frame objects with certain
names. An attacker could use this flaw to cause a plug-in to grant its
content access to another site or the local file system, violating the
same-origin policy. (CVE-2011-2999)

An integer underflow flaw was found in the way Thunderbird handled large
JavaScript regular expressions. An HTML mail message containing malicious
JavaScript could cause Thunderbird to access already freed memory, causing
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2011-2998)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-1343.html

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2998
Debian Security Information: DSA-2312 (Google Search)
http://www.debian.org/security/2011/dsa-2312
Debian Security Information: DSA-2313 (Google Search)
http://www.debian.org/security/2011/dsa-2313
Debian Security Information: DSA-2317 (Google Search)
http://www.debian.org/security/2011/dsa-2317
http://www.mandriva.com/security/advisories?name=MDVSA-2011:139
http://www.mandriva.com/security/advisories?name=MDVSA-2011:140
http://www.mandriva.com/security/advisories?name=MDVSA-2011:141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14012
http://www.redhat.com/support/errata/RHSA-2011-1341.html
SuSE Security Announcement: SUSE-SU-2011:1256 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2999
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14252
http://secunia.com/advisories/46315
SuSE Security Announcement: openSUSE-SU-2011:1076 (Google Search)
http://lists.opensuse.org/opensuse-updates/2011-10/msg00002.html

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.70302
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:1343
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:1343. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. (CVE-2011-2999) An integer underflow flaw was found in the way Thunderbird handled large JavaScript regular expressions. An HTML mail message containing malicious JavaScript could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2998) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-1343.html Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2998 Debian Security Information: DSA-2312 (Google Search) http://www.debian.org/security/2011/dsa-2312 Debian Security Information: DSA-2313 (Google Search) http://www.debian.org/security/2011/dsa-2313 Debian Security Information: DSA-2317 (Google Search) http://www.debian.org/security/2011/dsa-2317 http://www.mandriva.com/security/advisories?name=MDVSA-2011:139 http://www.mandriva.com/security/advisories?name=MDVSA-2011:140 http://www.mandriva.com/security/advisories?name=MDVSA-2011:141 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14012 http://www.redhat.com/support/errata/RHSA-2011-1341.html SuSE Security Announcement: SUSE-SU-2011:1256 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html Common Vulnerability Exposure (CVE) ID: CVE-2011-2999 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14252 http://secunia.com/advisories/46315 SuSE Security Announcement: openSUSE-SU-2011:1076 (Google Search) http://lists.opensuse.org/opensuse-updates/2011-10/msg00002.html
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com