Test ID:	1.3.6.1.4.1.25623.1.0.57004
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200606-21 (mozilla-thunderbird)
Summary:	The remote host is missing updates announced in;advisory GLSA 200606-21.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 200606-21. Vulnerability Insight: Several vulnerabilities in Mozilla Thunderbird allow cross site scripting, JavaScript privilege escalation and possibly execution of arbitrary code. Solution: All Mozilla Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-1.5.0.4' All Mozilla Thunderbird binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-bin-1.5.0.4' Note: There is no stable fixed version for the Alpha architecture yet. Users of Mozilla Thunderbird on Alpha should consider unmerging it until such a version is available. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2775 BugTraq ID: 18228 http://www.securityfocus.com/bid/18228 Bugtraq: 20060602 rPSA-2006-0091-1 firefox thunderbird (Google Search) http://www.securityfocus.com/archive/1/435795/100/0/threaded Cert/CC Advisory: TA06-153A http://www.us-cert.gov/cas/techalerts/TA06-153A.html CERT/CC vulnerability note: VU#243153 http://www.kb.cert.org/vuls/id/243153 Debian Security Information: DSA-1118 (Google Search) http://www.debian.org/security/2006/dsa-1118 Debian Security Information: DSA-1120 (Google Search) http://www.debian.org/security/2006/dsa-1120 Debian Security Information: DSA-1134 (Google Search) http://www.debian.org/security/2006/dsa-1134 http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml HPdes Security Advisory: HPSBUX02153 http://www.securityfocus.com/archive/1/446658/100/200/threaded HPdes Security Advisory: HPSBUX02156 http://www.securityfocus.com/archive/1/446657/100/200/threaded HPdes Security Advisory: SSRT061181 HPdes Security Advisory: SSRT061236 http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 http://www.mandriva.com/security/advisories?name=MDKSA-2006:146 http://securitytracker.com/id?1016202 http://securitytracker.com/id?1016214 http://secunia.com/advisories/20376 http://secunia.com/advisories/20382 http://secunia.com/advisories/20561 http://secunia.com/advisories/20709 http://secunia.com/advisories/21176 http://secunia.com/advisories/21178 http://secunia.com/advisories/21183 http://secunia.com/advisories/21188 http://secunia.com/advisories/21210 http://secunia.com/advisories/21324 http://secunia.com/advisories/21532 http://secunia.com/advisories/21607 http://secunia.com/advisories/22065 http://secunia.com/advisories/22066 SuSE Security Announcement: SUSE-SA:2006:035 (Google Search) http://www.novell.com/linux/security/advisories/2006_35_mozilla.html https://usn.ubuntu.com/296-1/ https://usn.ubuntu.com/296-2/ https://usn.ubuntu.com/297-1/ https://usn.ubuntu.com/297-3/ https://usn.ubuntu.com/323-1/ http://www.vupen.com/english/advisories/2006/2106 http://www.vupen.com/english/advisories/2006/3748 http://www.vupen.com/english/advisories/2006/3749 http://www.vupen.com/english/advisories/2008/0083 XForce ISS Database: mozilla-xul-code-execution(26846) https://exchange.xforce.ibmcloud.com/vulnerabilities/26846 Common Vulnerability Exposure (CVE) ID: CVE-2006-2776 CERT/CC vulnerability note: VU#575969 http://www.kb.cert.org/vuls/id/575969 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9849 http://www.redhat.com/support/errata/RHSA-2006-0578.html http://www.redhat.com/support/errata/RHSA-2006-0594.html RedHat Security Advisories: RHSA-2006:0609 http://rhn.redhat.com/errata/RHSA-2006-0609.html http://www.redhat.com/support/errata/RHSA-2006-0610.html http://www.redhat.com/support/errata/RHSA-2006-0611.html http://secunia.com/advisories/21134 http://secunia.com/advisories/21269 http://secunia.com/advisories/21270 http://secunia.com/advisories/21336 http://secunia.com/advisories/21631 http://secunia.com/advisories/24108 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102800-1 http://www.vupen.com/english/advisories/2007/0573 XForce ISS Database: mozilla-contentdefined-code-execution(26848) https://exchange.xforce.ibmcloud.com/vulnerabilities/26848 Common Vulnerability Exposure (CVE) ID: CVE-2006-2778 CERT/CC vulnerability note: VU#421529 http://www.kb.cert.org/vuls/id/421529 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9703 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1 http://www.vupen.com/english/advisories/2007/0058 XForce ISS Database: mozilla-crypto-signtext-bo(26849) https://exchange.xforce.ibmcloud.com/vulnerabilities/26849 Common Vulnerability Exposure (CVE) ID: CVE-2006-2779 CERT/CC vulnerability note: VU#466673 http://www.kb.cert.org/vuls/id/466673 Debian Security Information: DSA-1159 (Google Search) http://www.debian.org/security/2006/dsa-1159 Debian Security Information: DSA-1160 (Google Search) http://www.debian.org/security/2006/dsa-1160 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9762 http://secunia.com/advisories/21634 http://secunia.com/advisories/21654 http://secunia.com/advisories/27216 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102943-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200387-1 http://www.vupen.com/english/advisories/2007/3488 XForce ISS Database: mozilla-browserengine-memory-corruption(26843) https://exchange.xforce.ibmcloud.com/vulnerabilities/26843 Common Vulnerability Exposure (CVE) ID: CVE-2006-2780 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11305 Common Vulnerability Exposure (CVE) ID: CVE-2006-2781 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10247 http://secunia.com/advisories/20394 XForce ISS Database: mozilla-vcard-doublefree-memory-corruption(26850) https://exchange.xforce.ibmcloud.com/vulnerabilities/26850 Common Vulnerability Exposure (CVE) ID: CVE-2006-2783 http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10772 http://secunia.com/advisories/31074 http://secunia.com/advisories/35379 http://www.vupen.com/english/advisories/2008/2094/references http://www.vupen.com/english/advisories/2009/1522 XForce ISS Database: mozilla-bom-utf8-xss(26852) https://exchange.xforce.ibmcloud.com/vulnerabilities/26852 Common Vulnerability Exposure (CVE) ID: CVE-2006-2786 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966 XForce ISS Database: mozilla-http-response-smuggling(26844) https://exchange.xforce.ibmcloud.com/vulnerabilities/26844 Common Vulnerability Exposure (CVE) ID: CVE-2006-2787 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9491 XForce ISS Database: mozilla-valueof-sandbox-bypass(26842) https://exchange.xforce.ibmcloud.com/vulnerabilities/26842
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.