Test ID:	1.3.6.1.4.1.25623.1.0.52582
Category:	Fedora Local Security Checks
Title:	Fedora Core 3 FEDORA-2005-247 (thunderbird)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to thunderbird announced via advisory FEDORA-2005-247. Mozilla Thunderbird is a standalone mail and newsgroup client. A buffer overflow bug was found in the way Thunderbird processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0399 to this issue. A bug was found in the Thunderbird string handling functions. If a malicious website is able to exhaust a system's memory, it becomes possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0255 to this issue. Users of Thunderbird are advised to upgrade to this updated package which contains Thunderbird version 1.0.2 and is not vulnerable to these issues. This update enables pango rendering by default. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command. Solution: Apply the appropriate updates. http://www.fedoranews.org/blog/index.php?p=517 Risk factor : High CVSS Score: 5.1
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0399 12881 http://www.securityfocus.com/bid/12881 14654 http://secunia.com/advisories/14654 15495 http://www.securityfocus.com/bid/15495 19823 http://secunia.com/advisories/19823 20050323 Mozilla Foundation GIF Overflow http://xforce.iss.net/xforce/alerts/id/191 ADV-2005-0296 http://www.vupen.com/english/advisories/2005/0296 GLSA-200503-30 http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml P-160 http://www.ciac.org/ciac/bulletins/p-160.shtml RHSA-2005:323 http://www.redhat.com/support/errata/RHSA-2005-323.html RHSA-2005:335 http://www.redhat.com/support/errata/RHSA-2005-335.html RHSA-2005:336 http://www.redhat.com/support/errata/RHSA-2005-336.html RHSA-2005:337 http://www.redhat.com/support/errata/RHSA-2005-337.html SCOSA-2005.49 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt SUSE-SA:2006:022 http://www.novell.com/linux/security/advisories/2006_04_25.html VU#557948 http://www.kb.cert.org/vuls/id/557948 gif-extension-overflow(19269) https://exchange.xforce.ibmcloud.com/vulnerabilities/19269 http://www.mozilla.org/security/announce/mfsa2005-30.html https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877 oval:org.mitre.oval:def:100028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028 oval:org.mitre.oval:def:11377 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377 Common Vulnerability Exposure (CVE) ID: CVE-2005-0255 BugTraq ID: 12659 http://www.securityfocus.com/bid/12659 http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100040 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9111 http://www.redhat.com/support/errata/RHSA-2005-176.html http://www.redhat.com/support/errata/RHSA-2005-277.html SuSE Security Announcement: SUSE-SA:2005:016 (Google Search) http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html SuSE Security Announcement: SUSE-SA:2006:022 (Google Search)
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.