Test ID: 1.3.6.1.4.1.25623.1.0.880870
Category: CentOS Local Security Checks
Title: CentOS Update for thunderbird CESA-2009:1126 centos5 i386
Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'thunderbird'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833,
CVE-2009-1838)

Several flaws were found in the way malformed HTML mail content was
processed. An HTML mail message containing malicious content could execute
arbitrary JavaScript in the context of the mail message, possibly
presenting misleading data to the user, or stealing sensitive information
such as login credentials. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1308,
CVE-2009-1309)

A flaw was found in the way Thunderbird handled error responses returned
from proxy servers. If an attacker is able to conduct a man-in-the-middle
attack against a Thunderbird instance that is using a proxy server, they
may be able to steal sensitive information from the site Thunderbird is
displaying. (CVE-2009-1836)

Note: JavaScript support is disabled by default in Thunderbird. None of the
above issues are exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

Affected Software/OS:
thunderbird on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2009-1303
1022090
http://www.securitytracker.com/id?1022090
264308
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
34656
http://www.securityfocus.com/bid/34656
34758
http://secunia.com/advisories/34758
34780
http://secunia.com/advisories/34780
34843
http://secunia.com/advisories/34843
34844
http://secunia.com/advisories/34844
34894
http://secunia.com/advisories/34894
35042
http://secunia.com/advisories/35042
35065
http://secunia.com/advisories/35065
35536
http://secunia.com/advisories/35536
35602
http://secunia.com/advisories/35602
ADV-2009-1125
http://www.vupen.com/english/advisories/2009/1125
DSA-1797
http://www.debian.org/security/2009/dsa-1797
DSA-1830
http://www.debian.org/security/2009/dsa-1830
FEDORA-2009-3875
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
MDVSA-2009:111
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
MDVSA-2009:141
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
RHSA-2009:0436
http://www.redhat.com/support/errata/RHSA-2009-0436.html
RHSA-2009:0437
http://rhn.redhat.com/errata/RHSA-2009-0437.html
RHSA-2009:1125
http://www.redhat.com/support/errata/RHSA-2009-1125.html
RHSA-2009:1126
http://www.redhat.com/support/errata/RHSA-2009-1126.html
SSA:2009-178-01
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
SUSE-SR:2009:010
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
USN-764-1
https://usn.ubuntu.com/764-1/
USN-782-1
http://www.ubuntu.com/usn/usn-782-1
http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
https://bugzilla.mozilla.org/show_bug.cgi?id=453736
oval:org.mitre.oval:def:5810
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5810
oval:org.mitre.oval:def:5992
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5992
oval:org.mitre.oval:def:6151
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6151
oval:org.mitre.oval:def:6646
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6646
oval:org.mitre.oval:def:9455
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9455
Common Vulnerability Exposure (CVE) ID: CVE-2009-1305
https://bugzilla.mozilla.org/show_bug.cgi?id=476049
oval:org.mitre.oval:def:10110
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10110
oval:org.mitre.oval:def:6090
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6090
oval:org.mitre.oval:def:6232
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6232
oval:org.mitre.oval:def:6248
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6248
oval:org.mitre.oval:def:6921
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6921
Common Vulnerability Exposure (CVE) ID: CVE-2009-1306
1022095
http://www.securitytracker.com/id?1022095
http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
https://bugzilla.mozilla.org/show_bug.cgi?id=474536
oval:org.mitre.oval:def:10150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10150
oval:org.mitre.oval:def:6021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6021
oval:org.mitre.oval:def:6194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6194
oval:org.mitre.oval:def:6312
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6312
oval:org.mitre.oval:def:6710
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6710
Common Vulnerability Exposure (CVE) ID: CVE-2009-1307
1022093
http://www.securitytracker.com/id?1022093
35561
http://secunia.com/advisories/35561
35882
http://secunia.com/advisories/35882
FEDORA-2009-7567
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
FEDORA-2009-7614
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
SSA:2009-176-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
https://bugzilla.mozilla.org/show_bug.cgi?id=481342
oval:org.mitre.oval:def:10972
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972
oval:org.mitre.oval:def:5933
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933
oval:org.mitre.oval:def:6154
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154
oval:org.mitre.oval:def:6266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266
oval:org.mitre.oval:def:7008
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008
Common Vulnerability Exposure (CVE) ID: CVE-2009-1308
1022097
http://www.securitytracker.com/id?1022097
http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
https://bugzilla.mozilla.org/show_bug.cgi?id=481558
oval:org.mitre.oval:def:10428
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428
oval:org.mitre.oval:def:6173
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173
oval:org.mitre.oval:def:6185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185
oval:org.mitre.oval:def:6296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296
oval:org.mitre.oval:def:7285
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285
Common Vulnerability Exposure (CVE) ID: CVE-2009-1309
1022094
http://www.securitytracker.com/id?1022094
http://www.mozilla.org/security/announce/2009/mfsa2009-19.html
https://bugzilla.mozilla.org/show_bug.cgi?id=478433
https://bugzilla.mozilla.org/show_bug.cgi?id=482206
oval:org.mitre.oval:def:5265
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5265
oval:org.mitre.oval:def:5591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5591
oval:org.mitre.oval:def:6139
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6139
oval:org.mitre.oval:def:6831
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6831
oval:org.mitre.oval:def:9494
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9494
Common Vulnerability Exposure (CVE) ID: CVE-2009-1392
1020800
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1
1022376
http://securitytracker.com/id?1022376
1022397
http://www.securitytracker.com/id?1022397
265068
http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1
35326
http://www.securityfocus.com/bid/35326
35331
http://secunia.com/advisories/35331
35370
http://www.securityfocus.com/bid/35370
35415
http://secunia.com/advisories/35415
35428
http://secunia.com/advisories/35428
35431
http://secunia.com/advisories/35431
35439
http://secunia.com/advisories/35439
35440
http://secunia.com/advisories/35440
35468
http://secunia.com/advisories/35468
55144
http://osvdb.org/55144
55145
http://osvdb.org/55145
55146
http://osvdb.org/55146
55147
http://osvdb.org/55147
ADV-2009-1572
http://www.vupen.com/english/advisories/2009/1572
ADV-2009-2152
http://www.vupen.com/english/advisories/2009/2152
DSA-1820
http://www.debian.org/security/2009/dsa-1820
FEDORA-2009-6366
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
FEDORA-2009-6411
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
RHSA-2009:1095
https://rhn.redhat.com/errata/RHSA-2009-1095.html
RHSA-2009:1096
http://rhn.redhat.com/errata/RHSA-2009-1096.html
SSA:2009-167-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
https://bugzilla.mozilla.org/show_bug.cgi?id=380359
https://bugzilla.mozilla.org/show_bug.cgi?id=429969
https://bugzilla.mozilla.org/show_bug.cgi?id=431086
https://bugzilla.mozilla.org/show_bug.cgi?id=432068
https://bugzilla.mozilla.org/show_bug.cgi?id=451341
https://bugzilla.mozilla.org/show_bug.cgi?id=472776
https://bugzilla.mozilla.org/show_bug.cgi?id=486398
https://bugzilla.mozilla.org/show_bug.cgi?id=489041
https://bugzilla.mozilla.org/show_bug.cgi?id=490410
https://bugzilla.mozilla.org/show_bug.cgi?id=490425
https://bugzilla.mozilla.org/show_bug.cgi?id=490513
https://bugzilla.redhat.com/show_bug.cgi?id=503568
oval:org.mitre.oval:def:9501
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9501
Common Vulnerability Exposure (CVE) ID: CVE-2009-1833
35372
http://www.securityfocus.com/bid/35372
55152
http://osvdb.org/55152
55153
http://osvdb.org/55153
55154
http://osvdb.org/55154
https://bugzilla.mozilla.org/show_bug.cgi?id=369696
https://bugzilla.mozilla.org/show_bug.cgi?id=426520
https://bugzilla.mozilla.org/show_bug.cgi?id=427196
https://bugzilla.mozilla.org/show_bug.cgi?id=487204
https://bugzilla.redhat.com/show_bug.cgi?id=503570
oval:org.mitre.oval:def:11487
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11487
Common Vulnerability Exposure (CVE) ID: CVE-2009-1836
1022396
http://www.securitytracker.com/id?1022396
35380
http://www.securityfocus.com/bid/35380
55160
http://osvdb.org/55160
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
https://bugzilla.mozilla.org/show_bug.cgi?id=479880
https://bugzilla.redhat.com/show_bug.cgi?id=503578
oval:org.mitre.oval:def:11764
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11764
Common Vulnerability Exposure (CVE) ID: CVE-2009-1838
35383
http://www.securityfocus.com/bid/35383
55157
http://osvdb.org/55157
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
https://bugzilla.mozilla.org/show_bug.cgi?id=489131
https://bugzilla.redhat.com/show_bug.cgi?id=503580
oval:org.mitre.oval:def:11080
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11080
Copyright: Copyright (C) 2011 Greenbone AG
