Test ID: 1.3.6.1.4.1.25623.1.1.10.2017.0477
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2017-0477)
Summary: The remote host is missing an update for the 'thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2017-0477 advisory.
Description:
Summary:
The remote host is missing an update for the 'thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2017-0477 advisory.

Vulnerability Insight:
Multiple vulnerabilities have been fixed in thunderbird.
* JavaScript Execution via RSS in mailbox:// origin (CVE-2017-7846).
* Local path string can be leaked from RSS feed (CVE-2017-7847).
* RSS Feed vulnerable to new line Injection (CVE-2017-7848).
* Mailsploit From address with encoded null character is cut off in
message header display (CVE-2017-7829).

Multiple vulnerabilities have been fixed in the bundled enigmail package.
* An issue was discovered that allows remote attackers to trigger use of
an intended public key for encryption, because incorrect regular
expressions are used for extraction of an e-mail address from a
comma-separated list (CVE-2017-17843).
* A remote attacker can obtain cleartext content by sending an encrypted
data block to a victim, and relying on the victim to automatically
decrypt that block and then send it back to the attacker as quoted text
(CVE-2017-17844).
* An issue was discovered where Improper Random Secret Generation occurs
because Math.Random() is used by pretty Easy privacy (pEp)
(CVE-2017-17845).
* An issue was discovered where regular expressions are exploitable for
Denial of Service, because of attempts to match arbitrarily long strings
(CVE-2017-17846).
* An issue was discovered that signature spoofing is possible because
the UI does not properly distinguish between an attachment signature,
and a signature that applies to the entire containing message
(CVE-2017-17847).
* In a variant of CVE-2017-17847, signature spoofing is possible for
multipart/related messages because a signed message part can be
referenced with a cid: URI but not actually displayed (CVE-2017-17848).

Affected Software/OS:
'thunderbird, thunderbird-l10n' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2017-17843
Debian Security Information: DSA-4070
https://www.debian.org/security/2017/dsa-4070
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
https://lists.debian.org/debian-security-announce/2017/msg00333.html
https://www.mail-archive.com/enigmail-users@enigmail.net/msg04280.html
https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-17844
Common Vulnerability Exposure (CVE) ID: CVE-2017-17845
Common Vulnerability Exposure (CVE) ID: CVE-2017-17846
Common Vulnerability Exposure (CVE) ID: CVE-2017-17847
https://sourceforge.net/p/enigmail/bugs/709/
Common Vulnerability Exposure (CVE) ID: CVE-2017-17848
http://seclists.org/fulldisclosure/2019/Apr/38
http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html
https://github.com/RUB-NDS/Johnny-You-Are-Fired
https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
http://www.openwall.com/lists/oss-security/2019/04/30/4
Common Vulnerability Exposure (CVE) ID: CVE-2017-7829
BugTraq ID: 102258
http://www.securityfocus.com/bid/102258
Debian Security Information: DSA-4075
https://www.debian.org/security/2017/dsa-4075
https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html
RedHat Security Advisories: RHSA-2018:0061
https://access.redhat.com/errata/RHSA-2018:0061
http://www.securitytracker.com/id/1040123
https://usn.ubuntu.com/3529-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-7846
Common Vulnerability Exposure (CVE) ID: CVE-2017-7847
Common Vulnerability Exposure (CVE) ID: CVE-2017-7848
Copyright: Copyright (C) 2022 Greenbone AG
