
Test ID: 1.3.6.1.4.1.25623.1.0.71218
Category: Red Hat Local Security Checks
Title: Red Hat Security Advisory RHSA-2012:0516
Summary: Red Hat Security Advisory RHSA-2012:0516
Description: The remote host is missing updates announced in
advisory RHSA-2012:0516.

Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in Sanitiser for OpenType (OTS), used by Thunderbird to
help prevent potential exploits in malformed OpenType fonts. Malicious
content could cause Thunderbird to crash or, under certain conditions,
possibly execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2011-3062)

Malicious content could cause Thunderbird to crash or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)

Content containing a malicious Scalable Vector Graphics (SVG) image file
could cause Thunderbird to crash or, potentially, execute arbitrary code
with the privileges of the user running Thunderbird. (CVE-2012-0470)

A flaw was found in the way Thunderbird used its embedded Cairo library to
render certain fonts. Malicious content could cause Thunderbird to crash
or, under certain conditions, possibly execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2012-0472)

A flaw was found in the way Thunderbird rendered certain images using
WebGL. Malicious content could cause Thunderbird to crash or, under certain
conditions, possibly execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2012-0478)

A cross-site scripting (XSS) flaw was found in the way Thunderbird handled
certain multibyte character sets. Malicious content could cause Thunderbird
to run JavaScript code with the permissions of different content.
(CVE-2012-0471)

A flaw was found in the way Thunderbird rendered certain graphics using
WebGL. Malicious content could cause Thunderbird to crash. (CVE-2012-0473)

A flaw in the built-in feed reader in Thunderbird allowed the Website field
to display the address of different content than the content the user was
visiting. An attacker could use this flaw to conceal a malicious URL,
possibly tricking a user into believing they are viewing a trusted site, or
allowing scripts to be loaded from the attacker's site, possibly leading to
cross-site scripting (XSS) attacks. (CVE-2012-0474)

A flaw was found in the way Thunderbird decoded the ISO-2022-KR and
ISO-2022-CN character sets. Malicious content could cause Thunderbird
to run JavaScript code with the permissions of different content.
(CVE-2012-0477)

A flaw was found in the way the built-in feed reader in Thunderbird handled
RSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused
Thunderbird to display the address of said content, but not the content.
The previous content continued to be displayed. An attacker could use this
flaw to perform phishing attacks, or trick users into thinking they are
visiting the site reported by the Website field, when the page is actually
content controlled by an attacker. (CVE-2012-0479)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the
original reporter of CVE-2011-3062; Aki Helin from OUSPG as the original
reporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original
reporter of CVE-2012-0470; wushi of team509 via iDefense as the original
reporter of CVE-2012-0472; Ms2ger as the original reporter of
CVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter
of CVE-2012-0471; Matias Juntunen as the original reporter of
CVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the
original reporters of CVE-2012-0474; Masato Kinugawa as the original
reporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter
of CVE-2012-0479.

Note: All issues except CVE-2012-0470, CVE-2012-0472, and CVE-2011-3062
cannot be exploited by a specially-crafted HTML mail message as JavaScript
is disabled by default for mail messages. It could be exploited another way
in Thunderbird, for example, when viewing the full remote content of an
RSS feed.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2012-0516.html

Risk factor: High
Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2011-3062
http://osvdb.org/80740
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:15488
http://www.securitytracker.com/id?1026877
http://secunia.com/advisories/48618
http://secunia.com/advisories/48691
http://secunia.com/advisories/48972
http://secunia.com/advisories/49047
http://secunia.com/advisories/49055
http://secunia.com/advisories/48763
XForce ISS Database: chrome-sanitizer-code-exec(74412)
http://xforce.iss.net/xforce/xfdb/74412
Common Vulnerability Exposure (CVE) ID: CVE-2012-0467
BugTraq ID: 53223
http://www.securityfocus.com/bid/53223
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17074
http://secunia.com/advisories/48920
http://secunia.com/advisories/48922
Common Vulnerability Exposure (CVE) ID: CVE-2012-0468
BugTraq ID: 53221
http://www.securityfocus.com/bid/53221
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16771
Common Vulnerability Exposure (CVE) ID: CVE-2012-0469
BugTraq ID: 53220
http://www.securityfocus.com/bid/53220
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16734
Common Vulnerability Exposure (CVE) ID: CVE-2012-0470
BugTraq ID: 53225
http://www.securityfocus.com/bid/53225
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16989
Common Vulnerability Exposure (CVE) ID: CVE-2012-0471
BugTraq ID: 53219
http://www.securityfocus.com/bid/53219
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16961
Common Vulnerability Exposure (CVE) ID: CVE-2012-0472
BugTraq ID: 53218
http://www.securityfocus.com/bid/53218
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17067
Common Vulnerability Exposure (CVE) ID: CVE-2012-0473
BugTraq ID: 53231
http://www.securityfocus.com/bid/53231
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16113
Common Vulnerability Exposure (CVE) ID: CVE-2012-0474
BugTraq ID: 53228
http://www.securityfocus.com/bid/53228
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16107
Common Vulnerability Exposure (CVE) ID: CVE-2012-0477
BugTraq ID: 53229
http://www.securityfocus.com/bid/53229
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16889
Common Vulnerability Exposure (CVE) ID: CVE-2012-0478
BugTraq ID: 53227
http://www.securityfocus.com/bid/53227
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16893
XForce ISS Database: firefox-teximage2d-dos(75155)
http://xforce.iss.net/xforce/xfdb/75155
Common Vulnerability Exposure (CVE) ID: CVE-2012-0479
BugTraq ID: 53224
http://www.securityfocus.com/bid/53224
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17011
Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
