English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59192
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-503-1 (mozilla-thunderbird)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to mozilla-thunderbird
announced via advisory USN-503-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Details follow:

Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious email, an attacker could execute
arbitrary code with the user's privileges. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable it.
(CVE-2007-3734, CVE-2007-3735, CVE-2007-3844)

Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious email,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3670, CVE-2007-3845)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
mozilla-thunderbird 1.5.0.13-0ubuntu0.6.06

Ubuntu 6.10:
mozilla-thunderbird 1.5.0.13-0ubuntu0.6.10

Ubuntu 7.04:
mozilla-thunderbird 1.5.0.13-0ubuntu0.7.04

After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-503-1

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3670
BugTraq ID: 24837
http://www.securityfocus.com/bid/24837
Bugtraq: 20070710 Internet Explorer 0day exploit (Google Search)
http://www.securityfocus.com/archive/1/473276/100/0/threaded
Cert/CC Advisory: TA07-199A
http://www.us-cert.gov/cas/techalerts/TA07-199A.html
CERT/CC vulnerability note: VU#358017
http://www.kb.cert.org/vuls/id/358017
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
HPdes Security Advisory: SSRT061181
HPdes Security Advisory: SSRT061236
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/
http://larholm.com/2007/07/10/internet-explorer-0day-exploit/
http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx
http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/
http://www.virusbtn.com/news/virus_news/2007/07_11.xml
http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html
http://osvdb.org/38017
http://www.securitytracker.com/id?1018351
http://www.securitytracker.com/id?1018360
http://secunia.com/advisories/25984
http://secunia.com/advisories/26096
http://secunia.com/advisories/26149
http://secunia.com/advisories/26204
http://secunia.com/advisories/26216
http://secunia.com/advisories/26258
http://secunia.com/advisories/26271
http://secunia.com/advisories/26572
http://secunia.com/advisories/28179
http://secunia.com/advisories/28363
SuSE Security Announcement: SUSE-SA:2007:049 (Google Search)
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
http://www.ubuntu.com/usn/usn-503-1
http://www.vupen.com/english/advisories/2007/2473
http://www.vupen.com/english/advisories/2007/2565
http://www.vupen.com/english/advisories/2007/4272
http://www.vupen.com/english/advisories/2008/0082
XForce ISS Database: ie-firefoxurl-command-execution(35346)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35346
Common Vulnerability Exposure (CVE) ID: CVE-2007-3734
1018408
http://www.securitytracker.com/id?1018408
103177
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
20070701-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
20070720 rPSA-2007-0148-1 firefox thunderbird
http://www.securityfocus.com/archive/1/474226/100/0/threaded
20070724 FLEA-2007-0033-1: firefox thunderbird
http://www.securityfocus.com/archive/1/474542/100/0/threaded
201516
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
24946
http://www.securityfocus.com/bid/24946
25589
http://secunia.com/advisories/25589
26072
http://secunia.com/advisories/26072
26095
http://secunia.com/advisories/26095
26096
26103
http://secunia.com/advisories/26103
26106
http://secunia.com/advisories/26106
26107
http://secunia.com/advisories/26107
26149
26151
http://secunia.com/advisories/26151
26159
http://secunia.com/advisories/26159
26176
http://secunia.com/advisories/26176
26179
http://secunia.com/advisories/26179
26204
26205
http://secunia.com/advisories/26205
26211
http://secunia.com/advisories/26211
26216
26258
26271
26460
http://secunia.com/advisories/26460
26572
27326
http://secunia.com/advisories/27326
28135
http://secunia.com/advisories/28135
28363
ADV-2007-2564
http://www.vupen.com/english/advisories/2007/2564
ADV-2007-2565
ADV-2007-4256
http://www.vupen.com/english/advisories/2007/4256
ADV-2008-0082
DSA-1337
http://www.debian.org/security/2007/dsa-1337
DSA-1338
http://www.debian.org/security/2007/dsa-1338
DSA-1339
http://www.debian.org/security/2007/dsa-1339
DSA-1391
http://www.debian.org/security/2007/dsa-1391
GLSA-200708-09
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
HPSBUX02153
HPSBUX02156
MDKSA-2007:152
MDVSA-2007:047
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
MDVSA-2008:047
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
RHSA-2007:0722
http://www.redhat.com/support/errata/RHSA-2007-0722.html
RHSA-2007:0723
http://www.redhat.com/support/errata/RHSA-2007-0723.html
RHSA-2007:0724
http://www.redhat.com/support/errata/RHSA-2007-0724.html
SSRT061181
SSRT061236
SUSE-SA:2007:049
USN-490-1
http://www.ubuntu.com/usn/usn-490-1
USN-503-1
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
mozilla-browser-engine-code-execution(35458)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35458
oval:org.mitre.oval:def:10108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10108
Common Vulnerability Exposure (CVE) ID: CVE-2007-3735
mozilla-javascript-eng-code-execution(35459)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35459
oval:org.mitre.oval:def:11066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11066
Common Vulnerability Exposure (CVE) ID: CVE-2007-3844
1018479
http://securitytracker.com/id?1018479
1018480
http://securitytracker.com/id?1018480
1018481
http://securitytracker.com/id?1018481
20070801 FLEA-2007-0039-1 firefox
http://www.securityfocus.com/archive/1/475265/100/200/threaded
20070803 FLEA-2007-0040-1 thunderbird
http://www.securityfocus.com/archive/1/475450/30/5550/threaded
25142
http://www.securityfocus.com/bid/25142
26234
http://secunia.com/advisories/26234
26288
http://secunia.com/advisories/26288
26303
http://secunia.com/advisories/26303
26309
http://secunia.com/advisories/26309
26331
http://secunia.com/advisories/26331
26335
http://secunia.com/advisories/26335
26393
http://secunia.com/advisories/26393
27276
http://secunia.com/advisories/27276
27298
http://secunia.com/advisories/27298
27325
http://secunia.com/advisories/27325
27327
http://secunia.com/advisories/27327
27356
http://secunia.com/advisories/27356
27414
http://secunia.com/advisories/27414
27680
http://secunia.com/advisories/27680
ADV-2007-3587
http://www.vupen.com/english/advisories/2007/3587
DSA-1344
http://www.debian.org/security/2007/dsa-1344
DSA-1345
http://www.debian.org/security/2007/dsa-1345
DSA-1346
http://www.debian.org/security/2007/dsa-1346
FEDORA-2007-2601
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
FEDORA-2007-3431
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
RHSA-2007:0979
http://www.redhat.com/support/errata/RHSA-2007-0979.html
RHSA-2007:0980
http://www.redhat.com/support/errata/RHSA-2007-0980.html
RHSA-2007:0981
http://www.redhat.com/support/errata/RHSA-2007-0981.html
SSA:2007-213-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101
SUSE-SA:2007:057
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
USN-493-1
http://www.ubuntu.com/usn/usn-493-1
http://bugzilla.mozilla.org/show_bug.cgi?id=388121
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.mozilla.org/security/announce/2007/mfsa2007-26.html
https://issues.rpath.com/browse/RPL-1600
oval:org.mitre.oval:def:9493
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9493
Common Vulnerability Exposure (CVE) ID: CVE-2007-3845
25053
http://www.securityfocus.com/bid/25053
http://bugzilla.mozilla.org/show_bug.cgi?id=389580
http://www.mozilla.org/security/announce/2007/mfsa2007-27.html
https://bugzilla.mozilla.org/show_bug.cgi?id=389106
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.