Fedora Local Security Checks : Fedora Core 10 FEDORA-2008-9901 (thunderbird)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.61900
Category:	Fedora Local Security Checks
Title:	Fedora Core 10 FEDORA-2008-9901 (thunderbird)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to thunderbird announced via advisory FEDORA-2008-9901. Update Information: This update update upgrades thunderbird packages to upstream version 2.0.0.18, which fixes multiple security issues detailed in upstream security advisories: http://www.mozilla.org/security/known- vulnerabilities/thunderbird20.html#thunderbird2.0.0.18 ChangeLog: * Wed Nov 19 2008 Christopher Aillon 2.0.0.18-1 - Update to 2.0.0.18 References: [ 1 ] Bug #470873 - CVE-2008-5014 Mozilla crash and remote code execution via __proto__ tampering https://bugzilla.redhat.com/show_bug.cgi?id=470873 [ 2 ] Bug #470884 - CVE-2008-5018 Mozilla crash with evidence of memory corruption https://bugzilla.redhat.com/show_bug.cgi?id=470884 [ 3 ] Bug #470902 - CVE-2008-5024 Mozilla parsing error in E4X default namespace https://bugzilla.redhat.com/show_bug.cgi?id=470902 [ 4 ] Bug #470864 - CVE-2008-5012 Mozilla Image stealing via canvas and HTTP redirect https://bugzilla.redhat.com/show_bug.cgi?id=470864 [ 5 ] Bug #470881 - CVE-2008-5016 Mozilla crash with evidence of memory corruption https://bugzilla.redhat.com/show_bug.cgi?id=470881 [ 6 ] Bug #470883 - CVE-2008-5017 Mozilla crash with evidence of memory corruption https://bugzilla.redhat.com/show_bug.cgi?id=470883 [ 7 ] Bug #470894 - CVE-2008-5021 Mozilla crash and remote code execution in nsFrameManager https://bugzilla.redhat.com/show_bug.cgi?id=470894 [ 8 ] Bug #470895 - CVE-2008-5022 Mozilla nsXMLHttpRequest::NotifyEventListeners() same-origin violation https://bugzilla.redhat.com/show_bug.cgi?id=470895 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update thunderbird' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-9901 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5014 1021182 http://www.securitytracker.com/id?1021182 256408 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 32011 http://secunia.com/advisories/32011 32281 http://www.securityfocus.com/bid/32281 32684 http://secunia.com/advisories/32684 32693 http://secunia.com/advisories/32693 32694 http://secunia.com/advisories/32694 32695 http://secunia.com/advisories/32695 32714 http://secunia.com/advisories/32714 32715 http://secunia.com/advisories/32715 32721 http://secunia.com/advisories/32721 32778 http://secunia.com/advisories/32778 32798 http://secunia.com/advisories/32798 32845 http://secunia.com/advisories/32845 32853 http://secunia.com/advisories/32853 33433 http://secunia.com/advisories/33433 33434 http://secunia.com/advisories/33434 34501 http://secunia.com/advisories/34501 ADV-2008-3146 http://www.vupen.com/english/advisories/2008/3146 ADV-2009-0977 http://www.vupen.com/english/advisories/2009/0977 DSA-1669 http://www.debian.org/security/2008/dsa-1669 DSA-1671 http://www.debian.org/security/2008/dsa-1671 DSA-1696 http://www.debian.org/security/2009/dsa-1696 DSA-1697 http://www.debian.org/security/2009/dsa-1697 FEDORA-2008-9667 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html FEDORA-2008-9669 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html MDVSA-2008:228 http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 MDVSA-2008:230 http://www.mandriva.com/security/advisories?name=MDVSA-2008:230 MDVSA-2008:235 http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 RHSA-2008:0976 http://www.redhat.com/support/errata/RHSA-2008-0976.html RHSA-2008:0977 http://www.redhat.com/support/errata/RHSA-2008-0977.html RHSA-2008:0978 http://www.redhat.com/support/errata/RHSA-2008-0978.html SUSE-SA:2008:055 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html TA08-319A http://www.us-cert.gov/cas/techalerts/TA08-319A.html USN-667-1 http://ubuntu.com/usn/usn-667-1 http://www.mozilla.org/security/announce/2008/mfsa2008-50.html https://bugzilla.mozilla.org/show_bug.cgi?id=436741 oval:org.mitre.oval:def:9157 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9157 Common Vulnerability Exposure (CVE) ID: CVE-2008-5018 1021183 http://www.securitytracker.com/id?1021183 32713 http://secunia.com/advisories/32713 http://www.mozilla.org/security/announce/2008/mfsa2008-52.html https://bugzilla.mozilla.org/show_bug.cgi?id=452786 oval:org.mitre.oval:def:9872 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9872 Common Vulnerability Exposure (CVE) ID: CVE-2008-5024 1021192 http://www.securitytracker.com/id?1021192 http://www.mozilla.org/security/announce/2008/mfsa2008-58.html https://bugzilla.mozilla.org/show_bug.cgi?id=453915 oval:org.mitre.oval:def:9063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9063 Common Vulnerability Exposure (CVE) ID: CVE-2008-5012 1021187 http://www.securitytracker.com/id?1021187 20081118 Firefox cross-domain image theft (CESA-2008-009) http://www.securityfocus.com/archive/1/498468 32351 http://www.securityfocus.com/bid/32351 http://scary.beasts.org/security/CESA-2008-009.html http://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.html http://www.mozilla.org/security/announce/2008/mfsa2008-48.html https://bugzilla.mozilla.org/show_bug.cgi?id=355126 https://bugzilla.mozilla.org/show_bug.cgi?id=451619 oval:org.mitre.oval:def:10750 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10750 Common Vulnerability Exposure (CVE) ID: CVE-2008-5016 https://bugzilla.mozilla.org/buglist.cgi?bug_id=439206%2C453406%2C458637%2C444864%2C452157%2C449111%2C444260%2C457375%2C433429%2C443528%2C430394 oval:org.mitre.oval:def:11356 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11356 Common Vulnerability Exposure (CVE) ID: CVE-2008-5017 https://bugzilla.mozilla.org/show_bug.cgi?id=455987 oval:org.mitre.oval:def:11436 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11436 Common Vulnerability Exposure (CVE) ID: CVE-2008-5021 1021186 http://www.securitytracker.com/id?1021186 http://www.mozilla.org/security/announce/2008/mfsa2008-55.html https://bugzilla.mozilla.org/show_bug.cgi?id=460002 oval:org.mitre.oval:def:9642 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642 Common Vulnerability Exposure (CVE) ID: CVE-2008-5022 1021188 http://www.securitytracker.com/id?1021188 http://www.mozilla.org/security/announce/2008/mfsa2008-56.html oval:org.mitre.oval:def:11186 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11186
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com