English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.800363
Categoría:Buffer overflow
Título:Mozilla Thunderbird Multiple Vulnerabilities (Mar 2009) - Windows
Resumen:Mozilla Thunderbird is prone to multiple vulnerabilities.
Descripción:Summary:
Mozilla Thunderbird is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws due to:

- Layout engine error which causes memory corruption and assertion failures.

- Layout engine error related to 'nsCSSStyleSheet::GetOwnerNode', events and
garage collection which triggers memory corruption.

- Layout engine error through a splice of an array that contains 'non-set'
elements which causes 'jsarray.cpp' to pass an incorrect argument to the
'ResizeSlots' function which causes application crash.

- Vectors related to js_DecompileValueGenerator, jsopcode.cpp,
__defineSetter__ and watch which causes a segmentation fault.

- Layout engine error in the vector related to 'gczeal'.

- Double free vulnerability in Thunderbird via 'cloned XUL DOM elements'
which were linked as a parent and child are not properly handled during
garbage collection which causes arbitrary code execution.

- 'nsIRDFService' in Thunderbird allows to bypass the same origin policy and
read XML data through another domain by cross-domain redirect.

- Error while decoding invisible characters when they are displayed in the
location bar which causes incorrect address to be displayed in the URL bar
and causes spoofing attacks.

Vulnerability Impact:
Successful exploitation will let attacker execute arbitrary code in the
context of an affected web application or can cause URL address bar
spoofing attacks or may cause denial of service.

Affected Software/OS:
Thunderbird version prior to 2.0.0.21 on Windows.

Solution:
Upgrade to Thunderbird version 2.0.0.21.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0771
1021795
http://www.securitytracker.com/id?1021795
33990
http://www.securityfocus.com/bid/33990
34140
http://secunia.com/advisories/34140
34145
http://secunia.com/advisories/34145
34272
http://secunia.com/advisories/34272
34383
http://secunia.com/advisories/34383
34462
http://secunia.com/advisories/34462
34464
http://secunia.com/advisories/34464
34527
http://secunia.com/advisories/34527
ADV-2009-0632
http://www.vupen.com/english/advisories/2009/0632
DSA-1751
http://www.debian.org/security/2009/dsa-1751
DSA-1830
http://www.debian.org/security/2009/dsa-1830
FEDORA-2009-3101
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html
MDVSA-2009:075
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
MDVSA-2009:083
http://www.mandriva.com/security/advisories?name=MDVSA-2009:083
RHSA-2009:0315
http://www.redhat.com/support/errata/RHSA-2009-0315.html
SSA:2009-083-02
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
SSA:2009-083-03
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
SUSE-SA:2009:012
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
http://www.mozilla.org/security/announce/2009/mfsa2009-07.html
https://bugzilla.mozilla.org/buglist.cgi?bug_id=424276%2C435209%2C436965%2C460706%2C466057%2C468578%2C471594%2C472502
oval:org.mitre.oval:def:11314
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11314
oval:org.mitre.oval:def:5250
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5250
oval:org.mitre.oval:def:6163
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6163
oval:org.mitre.oval:def:6196
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6196
oval:org.mitre.oval:def:6755
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6755
Common Vulnerability Exposure (CVE) ID: CVE-2009-0772
34137
http://secunia.com/advisories/34137
34324
http://secunia.com/advisories/34324
34387
http://secunia.com/advisories/34387
34417
http://secunia.com/advisories/34417
FEDORA-2009-2882
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
FEDORA-2009-2884
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
RHSA-2009:0258
http://www.redhat.com/support/errata/RHSA-2009-0258.html
RHSA-2009:0325
http://www.redhat.com/support/errata/RHSA-2009-0325.html
SUSE-SA:2009:023
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
USN-741-1
https://usn.ubuntu.com/741-1/
https://bugzilla.mozilla.org/show_bug.cgi?id=475136
oval:org.mitre.oval:def:5703
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5703
oval:org.mitre.oval:def:5945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5945
oval:org.mitre.oval:def:6097
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6097
oval:org.mitre.oval:def:6811
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6811
oval:org.mitre.oval:def:9609
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9609
Common Vulnerability Exposure (CVE) ID: CVE-2009-0773
https://bugzilla.mozilla.org/show_bug.cgi?id=457521
https://bugzilla.mozilla.org/show_bug.cgi?id=467499
https://bugzilla.mozilla.org/show_bug.cgi?id=472787
oval:org.mitre.oval:def:10491
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10491
oval:org.mitre.oval:def:5856
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5856
oval:org.mitre.oval:def:5980
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5980
oval:org.mitre.oval:def:6141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6141
oval:org.mitre.oval:def:6708
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6708
Common Vulnerability Exposure (CVE) ID: CVE-2009-0774
https://bugzilla.mozilla.org/show_bug.cgi?id=473709
oval:org.mitre.oval:def:11138
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11138
oval:org.mitre.oval:def:5947
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5947
oval:org.mitre.oval:def:6057
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6057
oval:org.mitre.oval:def:6121
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6121
oval:org.mitre.oval:def:6945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6945
Common Vulnerability Exposure (CVE) ID: CVE-2009-0775
1021796
http://www.securitytracker.com/id?1021796
http://www.mozilla.org/security/announce/2009/mfsa2009-08.html
https://bugzilla.mozilla.org/show_bug.cgi?id=474456
oval:org.mitre.oval:def:5806
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5806
oval:org.mitre.oval:def:5816
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5816
oval:org.mitre.oval:def:6207
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6207
oval:org.mitre.oval:def:7584
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7584
oval:org.mitre.oval:def:9681
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9681
Common Vulnerability Exposure (CVE) ID: CVE-2009-0776
1021797
http://www.securitytracker.com/id?1021797
http://www.mozilla.org/security/announce/2009/mfsa2009-09.html
https://bugzilla.mozilla.org/show_bug.cgi?id=414540
oval:org.mitre.oval:def:5956
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5956
oval:org.mitre.oval:def:6017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6017
oval:org.mitre.oval:def:6191
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6191
oval:org.mitre.oval:def:7390
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7390
oval:org.mitre.oval:def:9241
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9241
Common Vulnerability Exposure (CVE) ID: CVE-2009-0777
1021799
http://securitytracker.com/alerts/2009/Mar/1021799.html
http://www.mozilla.org/security/announce/2009/mfsa2009-11.html
https://bugzilla.mozilla.org/show_bug.cgi?id=452979
mozilla-invisible-url-spoofing(49087)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49087
oval:org.mitre.oval:def:11222
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11222
oval:org.mitre.oval:def:6039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6039
oval:org.mitre.oval:def:6157
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6157
oval:org.mitre.oval:def:6229
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6229
oval:org.mitre.oval:def:7435
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7435
CopyrightCopyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.