
Test ID: 1.3.6.1.4.1.25623.1.0.58963
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0981
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2007:0981.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way in which Thunderbird processed certain
malformed HTML mail content. An HTML mail message containing malicious
content could cause Thunderbird to crash or potentially execute arbitrary
code as the user running Thunderbird. JavaScript support is disabled by
default in Thunderbird; these issues are not exploitable unless the user
has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340)

Several flaws were found in the way in which Thunderbird displayed
malformed HTML mail content. An HTML mail message containing
specially-crafted content could potentially trick a user into surrendering
sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511,
CVE-2007-5334)

A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML
mail message could access data from a remote sftp site, possibly stealing
sensitive user data. (CVE-2007-5337)

A request-splitting flaw was found in the way in which Thunderbird
generates a digest authentication request. If a user opened a
specially-crafted URL, it was possible to perform cross-site scripting
attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292)

Users of Thunderbird are advised to upgrade to these erratum packages,
which contain backported patches that correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0981.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1095
BugTraq ID: 22688
http://www.securityfocus.com/bid/22688
Bugtraq: 20070223 Firefox: onUnload tailgating (MSIE7 entrapment bug variant)
http://www.securityfocus.com/archive/1/461007/100/0/threaded
Bugtraq: 20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)
http://www.securityfocus.com/archive/1/461023/100/0/threaded
Bugtraq: 20071026 rPSA-2007-0225-1 firefox
http://www.securityfocus.com/archive/1/482876/100/200/threaded
Bugtraq: 20071029 FLEA-2007-0062-1 firefox
http://www.securityfocus.com/archive/1/482925/100/0/threaded
Bugtraq: 20071029 rPSA-2007-0225-2 firefox thunderbird
http://www.securityfocus.com/archive/1/482932/100/200/threaded
Debian Security Information: DSA-1392
http://www.debian.org/security/2007/dsa-1392
Debian Security Information: DSA-1396
http://www.debian.org/security/2007/dsa-1396
Debian Security Information: DSA-1401
http://www.debian.org/security/2007/dsa-1401
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://lcamtuf.coredump.cx/ietrap/ff/
https://bugzilla.mozilla.org/show_bug.cgi?id=371360
http://osvdb.org/33809
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11665
http://www.redhat.com/support/errata/RHSA-2007-0979.html
http://www.redhat.com/support/errata/RHSA-2007-0980.html
http://www.redhat.com/support/errata/RHSA-2007-0981.html
http://securitytracker.com/id?1018837
http://secunia.com/advisories/27276
http://secunia.com/advisories/27298
http://secunia.com/advisories/27311
http://secunia.com/advisories/27315
http://secunia.com/advisories/27325
http://secunia.com/advisories/27327
http://secunia.com/advisories/27335
http://secunia.com/advisories/27336
http://secunia.com/advisories/27356
http://secunia.com/advisories/27360
http://secunia.com/advisories/27383
http://secunia.com/advisories/27387
http://secunia.com/advisories/27403
http://secunia.com/advisories/27414
http://secunia.com/advisories/27425
http://secunia.com/advisories/27480
http://secunia.com/advisories/27665
http://secunia.com/advisories/27680
http://secunia.com/advisories/28398
http://securityreason.com/securityalert/2310
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
SuSE Security Announcement: SUSE-SA:2007:057
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
https://usn.ubuntu.com/535-1/
http://www.ubuntu.com/usn/usn-536-1
http://www.vupen.com/english/advisories/2007/3544
http://www.vupen.com/english/advisories/2007/3587
http://www.vupen.com/english/advisories/2008/0083
XForce ISS Database: ie-mozilla-onunload-dos(32647)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32647
XForce ISS Database: ie-mozilla-onunload-url-spoofing(32649)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32649
Common Vulnerability Exposure (CVE) ID: CVE-2007-2292
BugTraq ID: 23668
http://www.securityfocus.com/bid/23668
Bugtraq: 20070425 IE 7 and Firefox Browsers Digest Authentication Request Splitting
http://www.securityfocus.com/archive/1/466906/100/0/threaded
http://www.wisec.it/vulns.php?id=11
https://bugzilla.mozilla.org/show_bug.cgi?id=378787
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10195
http://www.securitytracker.com/id?1017968
http://securityreason.com/securityalert/2654
XForce ISS Database: firefox-lf-response-splitting(33981)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33981
Common Vulnerability Exposure (CVE) ID: CVE-2007-3511
BugTraq ID: 24725
http://www.securityfocus.com/bid/24725
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html
http://sla.ckers.org/forum/read.php?3,13142
http://yathong.googlepages.com/FirefoxFocusBug.html
http://osvdb.org/37994
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9763
http://secunia.com/advisories/25904
XForce ISS Database: firefox-focus-security-bypass(35299)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35299
Common Vulnerability Exposure (CVE) ID: CVE-2007-3844
BugTraq ID: 25142
http://www.securityfocus.com/bid/25142
Bugtraq: 20070801 FLEA-2007-0039-1 firefox
http://www.securityfocus.com/archive/1/475265/100/200/threaded
Bugtraq: 20070803 FLEA-2007-0040-1 thunderbird
http://www.securityfocus.com/archive/1/475450/30/5550/threaded
Debian Security Information: DSA-1344
http://www.debian.org/security/2007/dsa-1344
Debian Security Information: DSA-1345
http://www.debian.org/security/2007/dsa-1345
Debian Security Information: DSA-1346
http://www.debian.org/security/2007/dsa-1346
Debian Security Information: DSA-1391
http://www.debian.org/security/2007/dsa-1391
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
HPdes Security Advisory: HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
HPdes Security Advisory: SSRT061236
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9493
http://securitytracker.com/id?1018479
http://securitytracker.com/id?1018480
http://securitytracker.com/id?1018481
http://secunia.com/advisories/26234
http://secunia.com/advisories/26258
http://secunia.com/advisories/26288
http://secunia.com/advisories/26303
http://secunia.com/advisories/26309
http://secunia.com/advisories/26331
http://secunia.com/advisories/26335
http://secunia.com/advisories/26393
http://secunia.com/advisories/26460
http://secunia.com/advisories/26572
http://secunia.com/advisories/27326
http://secunia.com/advisories/28135
http://secunia.com/advisories/28363
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://www.ubuntu.com/usn/usn-493-1
http://www.ubuntu.com/usn/usn-503-1
http://www.vupen.com/english/advisories/2007/4256
http://www.vupen.com/english/advisories/2008/0082
Common Vulnerability Exposure (CVE) ID: CVE-2007-5334
BugTraq ID: 26132
http://www.securityfocus.com/bid/26132
CERT/CC vulnerability note: VU#349217
http://www.kb.cert.org/vuls/id/349217
https://bugzilla.mozilla.org/show_bug.cgi?id=391043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11482
XForce ISS Database: mozilla-xul-page-spoofing(37286)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37286
Common Vulnerability Exposure (CVE) ID: CVE-2007-5337
https://bugzilla.mozilla.org/show_bug.cgi?id=381146
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443
XForce ISS Database: mozilla-sftp-file-access(37287)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37287
Common Vulnerability Exposure (CVE) ID: CVE-2007-5338
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10965
http://securitytracker.com/id?1018836
XForce ISS Database: mozilla-xpcnativewrapper-code-execution(37288)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37288
Common Vulnerability Exposure (CVE) ID: CVE-2007-5339
CERT/CC vulnerability note: VU#559977
http://www.kb.cert.org/vuls/id/559977
http://security.gentoo.org/glsa/glsa-200711-24.xml
https://bugzilla.mozilla.org/buglist.cgi?bug_id=309322,330563,341858,344064,348126,354645,361745,362901,378670,378682,379799,382376,384105,386382,386914,387033,387460,387844,391974,392285,393770,394014,394418
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10459
http://securitytracker.com/id?1018834
http://securitytracker.com/id?1018835
http://secunia.com/advisories/27313
http://secunia.com/advisories/27704
http://secunia.com/advisories/27744
http://secunia.com/advisories/28179
http://secunia.com/advisories/28636
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.471007
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
SuSE Security Announcement: SUSE-SR:2008:002
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
http://www.vupen.com/english/advisories/2007/3545
http://www.vupen.com/english/advisories/2007/4272
http://www.vupen.com/english/advisories/2008/0643
XForce ISS Database: mozilla-multiple-browser-code-execution(37281)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37281
Common Vulnerability Exposure (CVE) ID: CVE-2007-5340
CERT/CC vulnerability note: VU#755513
http://www.kb.cert.org/vuls/id/755513
https://bugzilla.mozilla.org/buglist.cgi?bug_id=372309,387955,390078,393537
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9622
XForce ISS Database: mozilla-multiple-java-code-execution(37282)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37282
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
