
Test ID: 1.3.6.1.4.1.25623.1.0.841000
Category: Ubuntu Local Security Checks
Title: Ubuntu Update for thunderbird USN-1430-3
Summary: Ubuntu Update for Linux kernel vulnerabilities USN-1430-3
Description:
Summary:
Ubuntu Update for Linux kernel vulnerabilities USN-1430-3

Vulnerability Insight:
USN-1430-1 fixed vulnerabilities in Firefox. This update provides the
corresponding fixes for Thunderbird.

Original advisory details:

Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,
Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0467,
CVE-2012-0468)

Aki Helin discovered a use-after-free vulnerability in XPConnect. An
attacker could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2012-0469)

Atte Kettunen discovered that invalid frees cause heap corruption in
gfxImageSurface. If a user were tricked into opening a malicious Scalable
Vector Graphics (SVG) image file, an attacker could exploit these to cause
a denial of service via application crash, or potentially execute code with
the privileges of the user invoking Firefox. (CVE-2012-0470)

Anne van Kesteren discovered a potential cross-site scripting (XSS)
vulnerability via multibyte content processing errors. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0471)

Matias Juntunen discovered a vulnerability in Firefox's WebGL
implementation that potentially allows the reading of illegal video memory.
An attacker could possibly exploit this to cause a denial of service via
application crash. (CVE-2012-0473)

Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox
allowed the address bar to display a different website than the one the
user was visiting. This could potentially leave the user vulnerable to
cross-site scripting (XSS) attacks. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially crafted
page, a remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2012-0474)

Simone Fabiano discovered that Firefox did not always send correct origin
headers when connecting to an IPv6 website. An attacker could potentially
use this to bypass intended access controls. (CVE-2012-0475)

Masato Kinugawa discovered that cross- ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
thunderbird on Ubuntu 12.04 LTS,
Ubuntu 11.10,
Ubuntu 11.04,
Ubuntu 10.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2012-0467
BugTraq ID: 53223
http://www.securityfocus.com/bid/53223
Debian Security Information: DSA-2457
http://www.debian.org/security/2012/dsa-2457
Debian Security Information: DSA-2458
http://www.debian.org/security/2012/dsa-2458
Debian Security Information: DSA-2464
http://www.debian.org/security/2012/dsa-2464
http://www.mandriva.com/security/advisories?name=MDVSA-2012:066
http://www.mandriva.com/security/advisories?name=MDVSA-2012:081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17074
http://secunia.com/advisories/48920
http://secunia.com/advisories/48922
http://secunia.com/advisories/48972
http://secunia.com/advisories/49047
http://secunia.com/advisories/49055
Common Vulnerability Exposure (CVE) ID: CVE-2012-0468
BugTraq ID: 53221
http://www.securityfocus.com/bid/53221
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16771
Common Vulnerability Exposure (CVE) ID: CVE-2012-0469
BugTraq ID: 53220
http://www.securityfocus.com/bid/53220
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16734
Common Vulnerability Exposure (CVE) ID: CVE-2012-0470
BugTraq ID: 53225
http://www.securityfocus.com/bid/53225
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16989
Common Vulnerability Exposure (CVE) ID: CVE-2012-0471
BugTraq ID: 53219
http://www.securityfocus.com/bid/53219
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16961
Common Vulnerability Exposure (CVE) ID: CVE-2012-0473
BugTraq ID: 53231
http://www.securityfocus.com/bid/53231
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16113
Common Vulnerability Exposure (CVE) ID: CVE-2012-0474
BugTraq ID: 53228
http://www.securityfocus.com/bid/53228
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16107
Common Vulnerability Exposure (CVE) ID: CVE-2012-0475
BugTraq ID: 53230
http://www.securityfocus.com/bid/53230
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16279
XForce ISS Database: firefox-websocket-sec-bypass(75153)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75153
Common Vulnerability Exposure (CVE) ID: CVE-2012-0477
BugTraq ID: 53229
http://www.securityfocus.com/bid/53229
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16889
XForce ISS Database: firefox-iso2022kr-xss(75154)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75154
Common Vulnerability Exposure (CVE) ID: CVE-2012-0478
BugTraq ID: 53227
http://www.securityfocus.com/bid/53227
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16893
XForce ISS Database: firefox-teximage2d-dos(75155)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75155
Common Vulnerability Exposure (CVE) ID: CVE-2011-3062
http://osvdb.org/80740
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15488
http://www.securitytracker.com/id?1026877
http://secunia.com/advisories/48618
http://secunia.com/advisories/48691
http://secunia.com/advisories/48763
XForce ISS Database: chrome-sanitizer-code-exec(74412)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74412
Common Vulnerability Exposure (CVE) ID: CVE-2011-1187
BugTraq ID: 46785
http://www.securityfocus.com/bid/46785
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14369
http://www.vupen.com/english/advisories/2011/0628
XForce ISS Database: google-unspecified-info-disc(65951)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65951
Common Vulnerability Exposure (CVE) ID: CVE-2012-0479
BugTraq ID: 53224
http://www.securityfocus.com/bid/53224
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17011
XForce ISS Database: firefox-rss-spoofing(75156)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75156
Copyright: Copyright (c) 2012 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.