English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58879
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:0108
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0108.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed certain malformed
JavaScript code. A malicious HTML mail message could execute JavaScript
code in such a way that may result in Thunderbird crashing or executing
arbitrary code as the user running Thunderbird. JavaScript support is
disabled by default in Thunderbird
these issues are not exploitable unless
the user has enabled JavaScript. (CVE-2007-0775, CVE-2007-0777)

Several cross-site scripting (XSS) flaws were found in the way Thunderbird
processed certain malformed HTML mail messages. A malicious HTML mail
message could display misleading information which may result in a user
unknowingly divulging sensitive information such as a password.
(CVE-2006-6077, CVE-2007-0995, CVE-2007-0996)

A flaw was found in the way Thunderbird processed text/enhanced and
text/richtext formatted mail message. A specially crafted mail message
could execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2007-1282)

A flaw was found in the way Thunderbird cached web content on the local
disk. A malicious HTML mail message may be able to inject arbitrary HTML
into a browsing session if the user reloads a targeted site. (CVE-2007-0778)

A flaw was found in the way Thunderbird displayed certain web content. A
malicious HTML mail message could generate content which could overlay user
interface elements such as the hostname and security indicators, tricking a
user into thinking they are visiting a different site. (CVE-2007-0779)

Two flaws were found in the way Thunderbird displayed blocked popup
windows. If a user can be convinced to open a blocked popup, it is possible
to read arbitrary local files, or conduct an XSS attack against the user.
(CVE-2007-0780, CVE-2007-0800)

Two buffer overflow flaws were found in the Network Security Services (NSS)
code for processing the SSLv2 protocol. Connecting to a malicious secure
web server could cause the execution of arbitrary code as the user running
Thunderbird. (CVE-2007-0008, CVE-2007-0009)

A flaw was found in the way Thunderbird handled the location.hostname
value during certain browser domain checks. This flaw could allow a
malicious HTML mail message to set domain cookies for an arbitrary site, or
possibly perform an XSS attack. (CVE-2007-0981)

Users of Thunderbird are advised to apply this update, which contains
Thunderbird version 1.5.0.10 that corrects these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0108.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6077
BugTraq ID: 21240
http://www.securityfocus.com/bid/21240
BugTraq ID: 22694
http://www.securityfocus.com/bid/22694
Bugtraq: 20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452382/100/0/threaded
Bugtraq: 20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452431/100/0/threaded
Bugtraq: 20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452440/100/0/threaded
Bugtraq: 20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452463/100/0/threaded
Bugtraq: 20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip (Google Search)
http://www.securityfocus.com/archive/1/454982/100/0/threaded
Bugtraq: 20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip (Google Search)
http://www.securityfocus.com/archive/1/455073/100/0/threaded
Bugtraq: 20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip (Google Search)
http://www.securityfocus.com/archive/1/455148/100/0/threaded
Bugtraq: 20070226 rPSA-2007-0040-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/461336/100/0/threaded
Bugtraq: 20070303 rPSA-2007-0040-3 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/461809/100/0/threaded
Debian Security Information: DSA-1336 (Google Search)
http://www.debian.org/security/2007/dsa-1336
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.info-svc.com/news/11-21-2006/
http://www.info-svc.com/news/11-21-2006/rcsr1/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031
RedHat Security Advisories: RHSA-2007:0077
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://securitytracker.com/id?1017271
http://secunia.com/advisories/23046
http://secunia.com/advisories/23108
http://secunia.com/advisories/24205
http://secunia.com/advisories/24238
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24293
http://secunia.com/advisories/24320
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24342
http://secunia.com/advisories/24343
http://secunia.com/advisories/24384
http://secunia.com/advisories/24393
http://secunia.com/advisories/24395
http://secunia.com/advisories/24437
http://secunia.com/advisories/24457
http://secunia.com/advisories/24650
http://secunia.com/advisories/25588
SGI Security Advisory: 20070202-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
SGI Security Advisory: 20070301-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
SuSE Security Announcement: SUSE-SA:2007:019 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
SuSE Security Announcement: SUSE-SA:2007:022 (Google Search)
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.ubuntu.com/usn/usn-428-1
http://www.vupen.com/english/advisories/2006/4662
http://www.vupen.com/english/advisories/2007/0718
XForce ISS Database: firefox-passwordmgr-information-disclosure(30470)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30470
Common Vulnerability Exposure (CVE) ID: CVE-2007-0008
1017696
http://www.securitytracker.com/id?1017696
102856
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
102945
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
20070202-01-P
20070223 Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482
20070226 rPSA-2007-0040-1 firefox
20070301-01-P
20070303 rPSA-2007-0040-3 firefox thunderbird
22694
24205
24238
24252
http://secunia.com/advisories/24252
24253
http://secunia.com/advisories/24253
24277
http://secunia.com/advisories/24277
24287
24290
24293
24320
24328
24333
24342
24343
24384
24389
http://secunia.com/advisories/24389
24395
24406
http://secunia.com/advisories/24406
24410
http://secunia.com/advisories/24410
24455
http://secunia.com/advisories/24455
24456
http://secunia.com/advisories/24456
24457
24522
http://secunia.com/advisories/24522
24562
http://secunia.com/advisories/24562
24650
24703
http://secunia.com/advisories/24703
25588
25597
http://secunia.com/advisories/25597
32105
http://www.osvdb.org/32105
64758
http://www.securityfocus.com/bid/64758
ADV-2007-0718
ADV-2007-0719
http://www.vupen.com/english/advisories/2007/0719
ADV-2007-1165
http://www.vupen.com/english/advisories/2007/1165
ADV-2007-2141
http://www.vupen.com/english/advisories/2007/2141
DSA-1336
FEDORA-2007-278
http://fedoranews.org/cms/node/2709
FEDORA-2007-279
http://fedoranews.org/cms/node/2711
FEDORA-2007-281
FEDORA-2007-293
FEDORA-2007-308
http://fedoranews.org/cms/node/2747
FEDORA-2007-309
http://fedoranews.org/cms/node/2749
GLSA-200703-18
http://security.gentoo.org/glsa/glsa-200703-18.xml
GLSA-200703-22
http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml
HPSBUX02153
MDKSA-2007:050
MDKSA-2007:052
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
RHSA-2007:0077
RHSA-2007:0078
RHSA-2007:0079
RHSA-2007:0097
RHSA-2007:0108
SSA:2007-066-03
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
SSA:2007-066-04
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
SSA:2007-066-05
SSRT061181
SUSE-SA:2007:019
SUSE-SA:2007:022
USN-428-1
USN-431-1
http://www.ubuntu.com/usn/usn-431-1
VU#377812
http://www.kb.cert.org/vuls/id/377812
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://bugzilla.mozilla.org/show_bug.cgi?id=364319
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
nss-mastersecret-bo(32666)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32666
oval:org.mitre.oval:def:10502
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10502
Common Vulnerability Exposure (CVE) ID: CVE-2007-0009
20070223 Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
32106
http://www.osvdb.org/32106
VU#592796
http://www.kb.cert.org/vuls/id/592796
https://bugzilla.mozilla.org/show_bug.cgi?id=364323
nss-clientmasterkey-bo(32663)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32663
oval:org.mitre.oval:def:10174
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174
Common Vulnerability Exposure (CVE) ID: CVE-2007-0775
1017698
http://www.securitytracker.com/id?1017698
24393
24437
32114
http://www.osvdb.org/32114
ADV-2008-0083
http://www.vupen.com/english/advisories/2008/0083
GLSA-200703-04
GLSA-200703-08
VU#761756
http://www.kb.cert.org/vuls/id/761756
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
mozilla-multiple-layout-code-execution(32704)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32704
oval:org.mitre.oval:def:10012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10012
Common Vulnerability Exposure (CVE) ID: CVE-2007-0777
32115
http://www.osvdb.org/32115
VU#269484
http://www.kb.cert.org/vuls/id/269484
mozilla-multiple-javascript-code-execution(32699)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32699
oval:org.mitre.oval:def:11331
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11331
Common Vulnerability Exposure (CVE) ID: CVE-2007-0778
1017699
http://securitytracker.com/id?1017699
32110
http://www.osvdb.org/32110
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
https://bugzilla.mozilla.org/show_bug.cgi?id=347852
mozilla-diskcache-information-disclosure(32671)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32671
oval:org.mitre.oval:def:9151
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9151
Common Vulnerability Exposure (CVE) ID: CVE-2007-0779
1017700
http://www.securitytracker.com/id?1017700
32109
http://osvdb.org/32109
http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
https://bugzilla.mozilla.org/show_bug.cgi?id=361298
oval:org.mitre.oval:def:8757
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8757
Common Vulnerability Exposure (CVE) ID: CVE-2007-0780
1017702
http://www.securitytracker.com/id?1017702
32107
http://www.osvdb.org/32107
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
https://bugzilla.mozilla.org/show_bug.cgi?id=354973
mozilla-dataurl-xss(32667)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32667
oval:org.mitre.oval:def:9884
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884
Common Vulnerability Exposure (CVE) ID: CVE-2007-0800
BugTraq ID: 22396
http://www.securityfocus.com/bid/22396
Bugtraq: 20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops (Google Search)
http://www.securityfocus.com/archive/1/459162/100/0/threaded
Bugtraq: 20070205 Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops (Google Search)
http://www.securityfocus.com/archive/1/459163/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html
http://www.osvdb.org/32108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10654
XForce ISS Database: firefox-popup-security-bypass(32194)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32194
Common Vulnerability Exposure (CVE) ID: CVE-2007-0981
BugTraq ID: 22566
http://www.securityfocus.com/bid/22566
Bugtraq: 20070214 Firefox: serious cookie stealing / same-domain bypass vulnerability (Google Search)
http://www.securityfocus.com/archive/1/460126/100/200/threaded
Bugtraq: 20070215 Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability (Google Search)
http://www.securityfocus.com/archive/1/460217/100/0/threaded
CERT/CC vulnerability note: VU#885753
http://www.kb.cert.org/vuls/id/885753
http://lcamtuf.dione.cc/ffhostname.html
http://www.osvdb.org/32104
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730
http://securitytracker.com/id?1017654
http://secunia.com/advisories/24175
http://securityreason.com/securityalert/2262
http://www.vupen.com/english/advisories/2007/0624
XForce ISS Database: firefox-locationhostname-security-bypass(32533)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32533
Common Vulnerability Exposure (CVE) ID: CVE-2007-0995
32111
http://www.osvdb.org/32111
32112
http://osvdb.org/32112
http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
oval:org.mitre.oval:def:10164
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10164
Common Vulnerability Exposure (CVE) ID: CVE-2007-0996
20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
http://www.securityfocus.com/archive/1/461076/100/0/threaded
33812
http://osvdb.org/33812
http://www.hardened-php.net/advisory_032007.142.html
oval:org.mitre.oval:def:10086
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10086
Common Vulnerability Exposure (CVE) ID: CVE-2007-1282
22845
http://www.securityfocus.com/bid/22845
33810
http://osvdb.org/33810
ADV-2007-0824
http://www.vupen.com/english/advisories/2007/0824
http://www.mozilla.org/security/announce/2007/mfsa2007-10.html
https://bugzilla.mozilla.org/show_bug.cgi?id=362735
mozilla-email-messages-overflow(32810)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32810
oval:org.mitre.oval:def:11313
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11313
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.