Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58911
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:0401
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0401.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause Thunderbird to crash or potentially execute arbitrary code
as the user running Thunderbird. (CVE-2007-2867, CVE-2007-2868)

Several denial of service flaws were found in the way Thunderbird handled
certain form and cookie data. A malicious web site that is able to set
arbitrary form and cookie data could prevent Thunderbird from
functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Thunderbird processed certain APOP
authentication requests. By sending certain responses when Thunderbird
attempted to authenticate against an APOP server, a remote attacker could
potentially acquire certain portions of a user's authentication
credentials. (CVE-2007-1558)

A flaw was found in the way Thunderbird displayed certain web content. A
malicious web page could generate content which could overlay user
interface elements such as the hostname and security indicators, tricking
users into thinking they are visiting a different site. (CVE-2007-2871)

Users of Thunderbird are advised to apply this update, which contains
Thunderbird version 1.5.0.12 that corrects these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0401.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1362
BugTraq ID: 22879
http://www.securityfocus.com/bid/22879
BugTraq ID: 24242
http://www.securityfocus.com/bid/24242
Bugtraq: 20070531 FLEA-2007-0023-1: firefox (Google Search)
http://www.securityfocus.com/archive/1/470172/100/200/threaded
Cert/CC Advisory: TA07-151A
http://www.us-cert.gov/cas/techalerts/TA07-151A.html
Debian Security Information: DSA-1300 (Google Search)
http://www.debian.org/security/2007/dsa-1300
Debian Security Information: DSA-1306 (Google Search)
http://www.debian.org/security/2007/dsa-1306
Debian Security Information: DSA-1308 (Google Search)
http://www.debian.org/security/2007/dsa-1308
http://security.gentoo.org/glsa/glsa-200706-06.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
http://www.mandriva.com/security/advisories?name=MDKSA-2007:126
http://www.osvdb.org/35139
http://osvdb.org/35140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10759
http://www.redhat.com/support/errata/RHSA-2007-0400.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://www.securitytracker.com/id?1018162
http://www.securitytracker.com/id?1018163
http://secunia.com/advisories/25476
http://secunia.com/advisories/25490
http://secunia.com/advisories/25533
http://secunia.com/advisories/25534
http://secunia.com/advisories/25559
http://secunia.com/advisories/25635
http://secunia.com/advisories/25647
http://secunia.com/advisories/25685
http://secunia.com/advisories/25750
http://secunia.com/advisories/25858
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
SuSE Security Announcement: SUSE-SA:2007:036 (Google Search)
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.ubuntu.com/usn/usn-468-1
http://www.vupen.com/english/advisories/2007/1994
XForce ISS Database: mozilla-doccookie-dos(34613)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34613
Common Vulnerability Exposure (CVE) ID: CVE-2007-1558
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
BugTraq ID: 23257
http://www.securityfocus.com/bid/23257
Bugtraq: 20070402 APOP vulnerability (Google Search)
http://www.securityfocus.com/archive/1/464477/30/0/threaded
Bugtraq: 20070403 Re: APOP vulnerability (Google Search)
http://www.securityfocus.com/archive/1/464569/100/0/threaded
Bugtraq: 20070615 rPSA-2007-0122-1 evolution-data-server (Google Search)
http://www.securityfocus.com/archive/1/471455/100/0/threaded
Bugtraq: 20070619 FLEA-2007-0026-1: evolution-data-server (Google Search)
http://www.securityfocus.com/archive/1/471720/100/0/threaded
Bugtraq: 20070620 FLEA-2007-0027-1: thunderbird (Google Search)
http://www.securityfocus.com/archive/1/471842/100/0/threaded
Debian Security Information: DSA-1305 (Google Search)
http://www.debian.org/security/2007/dsa-1305
HPdes Security Advisory: HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
HPdes Security Advisory: SSRT061236
http://www.mandriva.com/security/advisories?name=MDKSA-2007:105
http://www.mandriva.com/security/advisories?name=MDKSA-2007:107
http://www.mandriva.com/security/advisories?name=MDKSA-2007:113
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html
http://www.openwall.com/lists/oss-security/2009/08/15/1
http://www.openwall.com/lists/oss-security/2009/08/18/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782
http://www.redhat.com/support/errata/RHSA-2007-0344.html
http://www.redhat.com/support/errata/RHSA-2007-0353.html
http://www.redhat.com/support/errata/RHSA-2007-0385.html
http://www.redhat.com/support/errata/RHSA-2007-0386.html
http://www.redhat.com/support/errata/RHSA-2009-1140.html
http://www.securitytracker.com/id?1018008
http://secunia.com/advisories/25353
http://secunia.com/advisories/25402
http://secunia.com/advisories/25496
http://secunia.com/advisories/25529
http://secunia.com/advisories/25546
http://secunia.com/advisories/25664
http://secunia.com/advisories/25798
http://secunia.com/advisories/25894
http://secunia.com/advisories/26083
http://secunia.com/advisories/26415
http://secunia.com/advisories/35699
SGI Security Advisory: 20070602-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
SuSE Security Announcement: SUSE-SR:2007:014 (Google Search)
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://www.trustix.org/errata/2007/0019/
http://www.trustix.org/errata/2007/0024/
http://www.ubuntu.com/usn/usn-469-1
http://www.ubuntu.com/usn/usn-520-1
http://www.vupen.com/english/advisories/2007/1466
http://www.vupen.com/english/advisories/2007/1467
http://www.vupen.com/english/advisories/2007/1468
http://www.vupen.com/english/advisories/2007/1480
http://www.vupen.com/english/advisories/2007/1939
http://www.vupen.com/english/advisories/2007/2788
http://www.vupen.com/english/advisories/2008/0082
Common Vulnerability Exposure (CVE) ID: CVE-2007-2867
CERT/CC vulnerability note: VU#751636
http://www.kb.cert.org/vuls/id/751636
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
http://osvdb.org/35134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10066
http://www.securitytracker.com/id?1018151
http://www.securitytracker.com/id?1018153
http://secunia.com/advisories/24406
http://secunia.com/advisories/24456
http://secunia.com/advisories/25469
http://secunia.com/advisories/25488
http://secunia.com/advisories/25489
http://secunia.com/advisories/25491
http://secunia.com/advisories/25492
http://secunia.com/advisories/25644
http://secunia.com/advisories/27423
http://secunia.com/advisories/28363
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103136-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201532-1
http://www.vupen.com/english/advisories/2007/3664
XForce ISS Database: mozilla-layoutengine-dos(34604)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34604
Common Vulnerability Exposure (CVE) ID: CVE-2007-2868
CERT/CC vulnerability note: VU#609956
http://www.kb.cert.org/vuls/id/609956
http://osvdb.org/35138
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10711
http://www.securitytracker.com/id?1018152
http://secunia.com/advisories/27427
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103125-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201505-1
http://www.vupen.com/english/advisories/2007/3632
XForce ISS Database: mozilla-javascripteng-code-execution(34605)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34605
Common Vulnerability Exposure (CVE) ID: CVE-2007-2869
http://osvdb.org/35135
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11208
http://www.securitytracker.com/id?1018154
XForce ISS Database: firefox-autocomplete-dos(34612)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34612
Common Vulnerability Exposure (CVE) ID: CVE-2007-2871
http://osvdb.org/35137
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433
http://www.securitytracker.com/id?1018155
http://www.securitytracker.com/id?1018156
XForce ISS Database: mozilla-xulpopups-spoofing(34606)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34606
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.