English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59087
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-400-1 (mozilla-thunderbird)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to mozilla-thunderbird
announced via advisory USN-400-1.

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Details follow:

Georgi Guninski and David Bienvenu discovered that long Content-Type and
RFC2047-encoded headers we vulnerable to heap overflows. By tricking
the user into opening a specially crafted email, an attacker could
execute arbitrary code with user privileges. (CVE-2006-6506)

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges or bypass internal XSS protections
by tricking the user into opening a malicious email containing
JavaScript. Please note that JavaScript is disabled by default for
emails, and it is not recommended to enable it. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6503)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
mozilla-thunderbird 1.5.0.9-0ubuntu0.5.10
mozilla-thunderbird-dev 1.5.0.9-0ubuntu0.5.10

Ubuntu 6.06 LTS:
mozilla-thunderbird 1.5.0.9-0ubuntu0.6.06
mozilla-thunderbird-dev 1.5.0.9-0ubuntu0.6.06

Ubuntu 6.10:
mozilla-thunderbird 1.5.0.9-0ubuntu0.6.10
mozilla-thunderbird-dev 1.5.0.9-0ubuntu0.6.10

After a standard system upgrade you need to restart Thunderbird to
effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-400-1

Risk factor : High

CVSS Score:
7.1

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6497
1017398
http://securitytracker.com/id?1017398
1017405
http://securitytracker.com/id?1017405
1017406
http://securitytracker.com/id?1017406
102885
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102885-1
20061202-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc
20061222 rPSA-2006-0234-1 firefox
http://www.securityfocus.com/archive/1/455145/100/0/threaded
20070102 rPSA-2006-0234-2 firefox thunderbird
http://www.securityfocus.com/archive/1/455728/100/200/threaded
21668
http://www.securityfocus.com/bid/21668
23282
http://secunia.com/advisories/23282
23420
http://secunia.com/advisories/23420
23422
http://secunia.com/advisories/23422
23433
http://secunia.com/advisories/23433
23439
http://secunia.com/advisories/23439
23440
http://secunia.com/advisories/23440
23468
http://secunia.com/advisories/23468
23514
http://secunia.com/advisories/23514
23545
http://secunia.com/advisories/23545
23589
http://secunia.com/advisories/23589
23591
http://secunia.com/advisories/23591
23598
http://secunia.com/advisories/23598
23601
http://secunia.com/advisories/23601
23614
http://secunia.com/advisories/23614
23618
http://secunia.com/advisories/23618
23672
http://secunia.com/advisories/23672
23692
http://secunia.com/advisories/23692
23988
http://secunia.com/advisories/23988
24078
http://secunia.com/advisories/24078
24390
http://secunia.com/advisories/24390
24948
http://secunia.com/advisories/24948
ADV-2006-5068
http://www.vupen.com/english/advisories/2006/5068
ADV-2007-1463
http://www.vupen.com/english/advisories/2007/1463
ADV-2008-0083
http://www.vupen.com/english/advisories/2008/0083
DSA-1253
http://www.debian.org/security/2007/dsa-1253
DSA-1258
http://www.debian.org/security/2007/dsa-1258
DSA-1265
http://www.debian.org/security/2007/dsa-1265
FEDORA-2006-1491
http://fedoranews.org/cms/node/2297
FEDORA-2007-004
http://fedoranews.org/cms/node/2338
GLSA-200701-02
http://security.gentoo.org/glsa/glsa-200701-02.xml
GLSA-200701-03
http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml
GLSA-200701-04
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
MDKSA-2007:010
http://www.mandriva.com/security/advisories?name=MDKSA-2007:010
MDKSA-2007:011
http://www.mandriva.com/security/advisories?name=MDKSA-2007:011
RHSA-2006:0758
http://rhn.redhat.com/errata/RHSA-2006-0758.html
RHSA-2006:0759
http://rhn.redhat.com/errata/RHSA-2006-0759.html
RHSA-2006:0760
http://rhn.redhat.com/errata/RHSA-2006-0760.html
SSRT061181
SUSE-SA:2006:080
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
SUSE-SA:2007:006
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
TA06-354A
http://www.us-cert.gov/cas/techalerts/TA06-354A.html
USN-398-1
http://www.ubuntu.com/usn/usn-398-1
USN-398-2
http://www.ubuntu.com/usn/usn-398-2
USN-400-1
http://www.ubuntu.com/usn/usn-400-1
VU#427972
http://www.kb.cert.org/vuls/id/427972
VU#606260
http://www.kb.cert.org/vuls/id/606260
http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
https://issues.rpath.com/browse/RPL-883
oval:org.mitre.oval:def:11691
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11691
Common Vulnerability Exposure (CVE) ID: CVE-2006-6498
102955
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1
25556
http://secunia.com/advisories/25556
ADV-2007-2106
http://www.vupen.com/english/advisories/2007/2106
VU#447772
http://www.kb.cert.org/vuls/id/447772
oval:org.mitre.oval:def:10661
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661
Common Vulnerability Exposure (CVE) ID: CVE-2006-6499
BugTraq ID: 21668
Cert/CC Advisory: TA06-354A
CERT/CC vulnerability note: VU#427972
Debian Security Information: DSA-1253 (Google Search)
Debian Security Information: DSA-1258 (Google Search)
Debian Security Information: DSA-1265 (Google Search)
HPdes Security Advisory: HPSBUX02153
HPdes Security Advisory: SSRT061181
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1
SuSE Security Announcement: SUSE-SA:2006:080 (Google Search)
SuSE Security Announcement: SUSE-SA:2007:006 (Google Search)
http://www.vupen.com/english/advisories/2007/1124
Common Vulnerability Exposure (CVE) ID: CVE-2006-6501
1017403
http://securitytracker.com/id?1017403
1017404
http://securitytracker.com/id?1017404
1017407
http://securitytracker.com/id?1017407
VU#263412
http://www.kb.cert.org/vuls/id/263412
http://www.mozilla.org/security/announce/2006/mfsa2006-70.html
oval:org.mitre.oval:def:9746
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9746
Common Vulnerability Exposure (CVE) ID: CVE-2006-6502
1017411
http://securitytracker.com/id?1017411
1017412
http://securitytracker.com/id?1017412
1017413
http://securitytracker.com/id?1017413
VU#428500
http://www.kb.cert.org/vuls/id/428500
http://www.mozilla.org/security/announce/2006/mfsa2006-71.html
oval:org.mitre.oval:def:9626
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9626
Common Vulnerability Exposure (CVE) ID: CVE-2006-6503
1017414
http://securitytracker.com/id?1017414
1017415
http://securitytracker.com/id?1017415
1017416
http://securitytracker.com/id?1017416
VU#405092
http://www.kb.cert.org/vuls/id/405092
http://www.mozilla.org/security/announce/2006/mfsa2006-72.html
oval:org.mitre.oval:def:10895
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10895
Common Vulnerability Exposure (CVE) ID: CVE-2006-6505
Bugtraq: 20061222 rPSA-2006-0234-1 firefox (Google Search)
Bugtraq: 20070102 rPSA-2006-0234-2 firefox thunderbird (Google Search)
CERT/CC vulnerability note: VU#887332
http://www.kb.cert.org/vuls/id/887332
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11565
RedHat Security Advisories: RHSA-2006:0759
RedHat Security Advisories: RHSA-2006:0760
http://securitytracker.com/id?1017419
http://securitytracker.com/id?1017420
http://secunia.com/advisories/24108
SGI Security Advisory: 20061202-01-P
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102800-1
http://www.vupen.com/english/advisories/2007/0573
Common Vulnerability Exposure (CVE) ID: CVE-2006-6506
http://www.legroom.net/modules.php?op=modload&name=News&file=article&sid=215
http://securitytracker.com/id?1017421
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.