Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61884
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0976
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0976.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018,
CVE-2008-5021)

Several flaws were found in the way malformed HTML mail content was
processed. An HTML mail message containing specially-crafted content could
potentially trick a Thunderbird user into surrendering sensitive
information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5024)

All Thunderbird users should upgrade to these updated packages, which
resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0976.html

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-5014
BugTraq ID: 32281
http://www.securityfocus.com/bid/32281
Cert/CC Advisory: TA08-319A
http://www.us-cert.gov/cas/techalerts/TA08-319A.html
Debian Security Information: DSA-1669 (Google Search)
http://www.debian.org/security/2008/dsa-1669
Debian Security Information: DSA-1671 (Google Search)
http://www.debian.org/security/2008/dsa-1671
Debian Security Information: DSA-1696 (Google Search)
http://www.debian.org/security/2009/dsa-1696
Debian Security Information: DSA-1697 (Google Search)
http://www.debian.org/security/2009/dsa-1697
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230
http://www.mandriva.com/security/advisories?name=MDVSA-2008:235
https://bugzilla.mozilla.org/show_bug.cgi?id=436741
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9157
http://www.redhat.com/support/errata/RHSA-2008-0976.html
http://www.redhat.com/support/errata/RHSA-2008-0977.html
http://www.redhat.com/support/errata/RHSA-2008-0978.html
http://www.securitytracker.com/id?1021182
http://secunia.com/advisories/32011
http://secunia.com/advisories/32684
http://secunia.com/advisories/32693
http://secunia.com/advisories/32694
http://secunia.com/advisories/32695
http://secunia.com/advisories/32714
http://secunia.com/advisories/32715
http://secunia.com/advisories/32721
http://secunia.com/advisories/32778
http://secunia.com/advisories/32798
http://secunia.com/advisories/32845
http://secunia.com/advisories/32853
http://secunia.com/advisories/33433
http://secunia.com/advisories/33434
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
SuSE Security Announcement: SUSE-SA:2008:055 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
http://ubuntu.com/usn/usn-667-1
http://www.vupen.com/english/advisories/2008/3146
http://www.vupen.com/english/advisories/2009/0977
Common Vulnerability Exposure (CVE) ID: CVE-2008-5016
https://bugzilla.mozilla.org/buglist.cgi?bug_id=439206,453406,458637,444864,452157,449111,444260,457375,433429,443528,430394
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11356
http://www.securitytracker.com/id?1021183
http://secunia.com/advisories/32713
Common Vulnerability Exposure (CVE) ID: CVE-2008-5017
https://bugzilla.mozilla.org/show_bug.cgi?id=455987
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11436
Common Vulnerability Exposure (CVE) ID: CVE-2008-5018
https://bugzilla.mozilla.org/show_bug.cgi?id=452786
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9872
Common Vulnerability Exposure (CVE) ID: CVE-2008-5021
https://bugzilla.mozilla.org/show_bug.cgi?id=460002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642
http://www.securitytracker.com/id?1021186
Common Vulnerability Exposure (CVE) ID: CVE-2008-5012
BugTraq ID: 32351
http://www.securityfocus.com/bid/32351
Bugtraq: 20081118 Firefox cross-domain image theft (CESA-2008-009) (Google Search)
http://www.securityfocus.com/archive/1/498468
http://scary.beasts.org/security/CESA-2008-009.html
http://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.html
https://bugzilla.mozilla.org/show_bug.cgi?id=355126
https://bugzilla.mozilla.org/show_bug.cgi?id=451619
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10750
http://www.securitytracker.com/id?1021187
Common Vulnerability Exposure (CVE) ID: CVE-2008-5022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11186
http://www.securitytracker.com/id?1021188
Common Vulnerability Exposure (CVE) ID: CVE-2008-5024
https://bugzilla.mozilla.org/show_bug.cgi?id=453915
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9063
http://www.securitytracker.com/id?1021192
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.