Test ID: 1.3.6.1.4.1.25623.1.0.59192
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-503-1 (mozilla-thunderbird)
Summary: Ubuntu USN-503-1 (mozilla-thunderbird)
Description:
The remote host is missing an update to mozilla-thunderbird
announced via advisory USN-503-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Details follow:

Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious email, an attacker could execute
arbitrary code with the user's privileges. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable it.
(CVE-2007-3734, CVE-2007-3735, CVE-2007-3844)

Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious email,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3670, CVE-2007-3845)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
mozilla-thunderbird 1.5.0.13-0ubuntu0.6.06

Ubuntu 6.10:
mozilla-thunderbird 1.5.0.13-0ubuntu0.6.10

Ubuntu 7.04:
mozilla-thunderbird 1.5.0.13-0ubuntu0.7.04

After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-503-1

Risk factor: Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3670
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565
Bugtraq: 20070710 Internet Explorer 0day exploit
http://www.securityfocus.com/archive/1/archive/1/473276/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html
http://larholm.com/2007/07/10/internet-explorer-0day-exploit/
http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html
http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/
http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx
http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/
http://www.virusbtn.com/news/virus_news/2007/07_11.xml
HP Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HP Security Advisory: HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
HP Security Advisory: SSRT061181
HP Security Advisory: SSRT061236
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
SuSE Security Announcement: SUSE-SA:2007:049
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
http://www.ubuntu.com/usn/usn-503-1
Cert/CC Advisory: TA07-199A
http://www.us-cert.gov/cas/techalerts/TA07-199A.html
CERT/CC vulnerability note: VU#358017
http://www.kb.cert.org/vuls/id/358017
BugTraq ID: 24837
http://www.securityfocus.com/bid/24837
http://osvdb.org/38017
http://www.vupen.com/english/advisories/2007/2473
http://www.vupen.com/english/advisories/2007/2565
http://www.vupen.com/english/advisories/2007/4272
http://www.vupen.com/english/advisories/2008/0082
http://www.securitytracker.com/id?1018351
http://www.securitytracker.com/id?1018360
http://secunia.com/advisories/25984
http://secunia.com/advisories/26096
http://secunia.com/advisories/26149
http://secunia.com/advisories/26216
http://secunia.com/advisories/26204
http://secunia.com/advisories/26271
http://secunia.com/advisories/26258
http://secunia.com/advisories/26572
http://secunia.com/advisories/28179
http://secunia.com/advisories/28363
XForce ISS Database: ie-firefoxurl-command-execution(35346)
http://xforce.iss.net/xforce/xfdb/35346
Common Vulnerability Exposure (CVE) ID: CVE-2007-3734
Bugtraq: 20070720 rPSA-2007-0148-1 firefox thunderbird
http://www.securityfocus.com/archive/1/archive/1/474226/100/0/threaded
Bugtraq: 20070724 FLEA-2007-0033-1: firefox thunderbird
http://www.securityfocus.com/archive/1/archive/1/474542/100/0/threaded
Debian Security Information: DSA-1337
http://www.debian.org/security/2007/dsa-1337
Debian Security Information: DSA-1338
http://www.debian.org/security/2007/dsa-1338
Debian Security Information: DSA-1339
http://www.debian.org/security/2007/dsa-1339
Debian Security Information: DSA-1391
http://www.debian.org/security/2007/dsa-1391
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
http://www.redhat.com/support/errata/RHSA-2007-0722.html
http://www.redhat.com/support/errata/RHSA-2007-0723.html
http://www.redhat.com/support/errata/RHSA-2007-0724.html
SGI Security Advisory: 20070701-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
http://www.ubuntu.com/usn/usn-490-1
BugTraq ID: 24946
http://www.securityfocus.com/bid/24946
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10108
http://www.vupen.com/english/advisories/2007/2564
http://www.vupen.com/english/advisories/2007/4256
http://www.securitytracker.com/id?1018408
http://secunia.com/advisories/26095
http://secunia.com/advisories/26103
http://secunia.com/advisories/26106
http://secunia.com/advisories/26107
http://secunia.com/advisories/25589
http://secunia.com/advisories/26179
http://secunia.com/advisories/26151
http://secunia.com/advisories/26072
http://secunia.com/advisories/26176
http://secunia.com/advisories/26211
http://secunia.com/advisories/26205
http://secunia.com/advisories/26159
http://secunia.com/advisories/26460
http://secunia.com/advisories/27326
http://secunia.com/advisories/28135
XForce ISS Database: mozilla-browser-engine-code-execution(35458)
http://xforce.iss.net/xforce/xfdb/35458
Common Vulnerability Exposure (CVE) ID: CVE-2007-3735
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11066
XForce ISS Database: mozilla-javascript-eng-code-execution(35459)
http://xforce.iss.net/xforce/xfdb/35459
Common Vulnerability Exposure (CVE) ID: CVE-2007-3844
Bugtraq: 20070801 FLEA-2007-0039-1 firefox
http://www.securityfocus.com/archive/1/archive/1/475265/100/200/threaded
Bugtraq: 20070803 FLEA-2007-0040-1 thunderbird
http://www.securityfocus.com/archive/1/archive/1/475450/30/5550/threaded
Debian Security Information: DSA-1344
http://www.debian.org/security/2007/dsa-1344
Debian Security Information: DSA-1345
http://www.debian.org/security/2007/dsa-1345
Debian Security Information: DSA-1346
http://www.debian.org/security/2007/dsa-1346
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
http://www.redhat.com/support/errata/RHSA-2007-0979.html
http://www.redhat.com/support/errata/RHSA-2007-0980.html
http://www.redhat.com/support/errata/RHSA-2007-0981.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101
SuSE Security Announcement: SUSE-SA:2007:057
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
http://www.ubuntu.com/usn/usn-493-1
BugTraq ID: 25142
http://www.securityfocus.com/bid/25142
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9493
http://www.vupen.com/english/advisories/2007/3587
http://securitytracker.com/id?1018479
http://securitytracker.com/id?1018480
http://securitytracker.com/id?1018481
http://secunia.com/advisories/26288
http://secunia.com/advisories/26234
http://secunia.com/advisories/26309
http://secunia.com/advisories/26331
http://secunia.com/advisories/26335
http://secunia.com/advisories/26303
http://secunia.com/advisories/26393
http://secunia.com/advisories/27276
http://secunia.com/advisories/27325
http://secunia.com/advisories/27327
http://secunia.com/advisories/27356
http://secunia.com/advisories/27298
http://secunia.com/advisories/27414
http://secunia.com/advisories/27680
Common Vulnerability Exposure (CVE) ID: CVE-2007-3845
BugTraq ID: 25053
http://www.securityfocus.com/bid/25053
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
