Slackware Local Security Checks : Slackware: Security Advisory (SSA:2007-324-01)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.59025
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2007-324-01)
Summary:	The remote host is missing an update for the 'mozilla-thunderbird' package(s) announced via the SSA:2007-324-01 advisory.
Description:	Summary: The remote host is missing an update for the 'mozilla-thunderbird' package(s) announced via the SSA:2007-324-01 advisory. Vulnerability Insight: New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix security issues. Slackware is not vulnerable to either of these in its default configuration, but watch out if you've enabled JavaScript. More information about the security issues may be found here: [links moved to references] Here are the details from the Slackware 12.0 ChangeLog: +--------------------------+ patches/packages/mozilla-thunderbird-2.0.0.9-i686-1.tgz: Upgraded to thunderbird-2.0.0.9. This update fixes the following security related issues: URIs with invalid %-encoding mishandled by Windows (MFSA 2007-36). Crashes with evidence of memory corruption (MFSA 2007-29). OK, so the first one obviously does not affect us. :-) The second fix has to do with the same JavaScript handling problem fixed before in Firefox. JavaScript is not enabled by default in Thunderbird, and the developers (at least in MFSA 2007-36) do not recommend turning it on. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'mozilla-thunderbird' package(s) on Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4841 BugTraq ID: 25543 http://www.securityfocus.com/bid/25543 HPdes Security Advisory: HPSBUX02153 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 HPdes Security Advisory: HPSBUX02156 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 HPdes Security Advisory: SSRT061181 HPdes Security Advisory: SSRT061236 http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202 http://xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/ http://secunia.com/advisories/27311 http://secunia.com/advisories/27315 http://secunia.com/advisories/27360 http://secunia.com/advisories/27414 http://secunia.com/advisories/27744 http://secunia.com/advisories/28363 http://secunia.com/advisories/28398 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.471007 http://www.vupen.com/english/advisories/2007/3544 http://www.vupen.com/english/advisories/2008/0082 http://www.vupen.com/english/advisories/2008/0083 Common Vulnerability Exposure (CVE) ID: CVE-2007-5339 1018834 http://securitytracker.com/id?1018834 1018835 http://securitytracker.com/id?1018835 1018977 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1 20071026 rPSA-2007-0225-1 firefox http://www.securityfocus.com/archive/1/482876/100/200/threaded 20071029 FLEA-2007-0062-1 firefox http://www.securityfocus.com/archive/1/482925/100/0/threaded 20071029 rPSA-2007-0225-2 firefox thunderbird http://www.securityfocus.com/archive/1/482932/100/200/threaded 201516 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1 231441 http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1 26132 http://www.securityfocus.com/bid/26132 27276 http://secunia.com/advisories/27276 27298 http://secunia.com/advisories/27298 27311 27313 http://secunia.com/advisories/27313 27315 27325 http://secunia.com/advisories/27325 27326 http://secunia.com/advisories/27326 27327 http://secunia.com/advisories/27327 27335 http://secunia.com/advisories/27335 27336 http://secunia.com/advisories/27336 27356 http://secunia.com/advisories/27356 27360 27383 http://secunia.com/advisories/27383 27387 http://secunia.com/advisories/27387 27403 http://secunia.com/advisories/27403 27414 27425 http://secunia.com/advisories/27425 27480 http://secunia.com/advisories/27480 27665 http://secunia.com/advisories/27665 27680 http://secunia.com/advisories/27680 27704 http://secunia.com/advisories/27704 27744 28179 http://secunia.com/advisories/28179 28363 28398 28636 http://secunia.com/advisories/28636 ADV-2007-3544 ADV-2007-3545 http://www.vupen.com/english/advisories/2007/3545 ADV-2007-3587 http://www.vupen.com/english/advisories/2007/3587 ADV-2007-4272 http://www.vupen.com/english/advisories/2007/4272 ADV-2008-0082 ADV-2008-0083 ADV-2008-0643 http://www.vupen.com/english/advisories/2008/0643 DSA-1391 http://www.debian.org/security/2007/dsa-1391 DSA-1392 http://www.debian.org/security/2007/dsa-1392 DSA-1396 http://www.debian.org/security/2007/dsa-1396 DSA-1401 http://www.debian.org/security/2007/dsa-1401 FEDORA-2007-2601 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html FEDORA-2007-2664 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html FEDORA-2007-3431 https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html GLSA-200711-14 http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml GLSA-200711-24 http://security.gentoo.org/glsa/glsa-200711-24.xml HPSBUX02153 HPSBUX02156 MDKSA-2007:202 MDVSA-2007:047 http://www.mandriva.com/security/advisories?name=MDVSA-2007:047 MDVSA-2008:047 http://www.mandriva.com/security/advisories?name=MDVSA-2008:047 RHSA-2007:0979 http://www.redhat.com/support/errata/RHSA-2007-0979.html RHSA-2007:0980 http://www.redhat.com/support/errata/RHSA-2007-0980.html RHSA-2007:0981 http://www.redhat.com/support/errata/RHSA-2007-0981.html SSA:2007-324-01 SSRT061181 SSRT061236 SUSE-SA:2007:057 http://www.novell.com/linux/security/advisories/2007_57_mozilla.html SUSE-SR:2008:002 http://www.novell.com/linux/security/advisories/suse_security_summary_report.html USN-535-1 https://usn.ubuntu.com/535-1/ USN-536-1 http://www.ubuntu.com/usn/usn-536-1 VU#559977 http://www.kb.cert.org/vuls/id/559977 http://bugs.gentoo.org/show_bug.cgi?id=196481 http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html http://www.mozilla.org/security/announce/2007/mfsa2007-29.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=309322%2C330563%2C341858%2C344064%2C348126%2C354645%2C361745%2C362901%2C378670%2C378682%2C379799%2C382376%2C384105%2C386382%2C386914%2C387033%2C387460%2C387844%2C391974%2C392285%2C393770%2C394014%2C394418 https://issues.rpath.com/browse/RPL-1858 https://issues.rpath.com/browse/RPL-1884 mozilla-multiple-browser-code-execution(37281) https://exchange.xforce.ibmcloud.com/vulnerabilities/37281 oval:org.mitre.oval:def:10459 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10459
Copyright	Copyright (C) 2012 Greenbone AG