
Test ID: 1.3.6.1.4.1.25623.1.0.63108
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2009:0002
Summary: NOSUMMARY
Description:
The remote host is missing updates announced in
advisory RHSA-2009:0002.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511,
CVE-2008-5512, CVE-2008-5513)

Several flaws were found in the way malformed content was processed. An
HTML mail message containing specially-crafted content could potentially
trick a Thunderbird user into surrendering sensitive information.
(CVE-2008-5503, CVE-2008-5506, CVE-2008-5507)

Note: JavaScript support is disabled by default in Thunderbird; the above
issues are not exploitable unless JavaScript is enabled.

A flaw was found in the way malformed URLs were processed by
Thunderbird. This flaw could prevent various URL sanitization mechanisms
from properly parsing a malicious URL. (CVE-2008-5508)

All Thunderbird users should upgrade to these updated packages, which
resolve these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-0002.html
http://www.redhat.com/security/updates/classification/#moderate

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2008-5500
BugTraq ID: 32882
http://www.securityfocus.com/bid/32882
Debian Security Information: DSA-1696
http://www.debian.org/security/2009/dsa-1696
Debian Security Information: DSA-1697
http://www.debian.org/security/2009/dsa-1697
Debian Security Information: DSA-1704
http://www.debian.org/security/2009/dsa-1704
Debian Security Information: DSA-1707
http://www.debian.org/security/2009/dsa-1707
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012
https://bugzilla.mozilla.org/show_bug.cgi?id=460803
https://bugzilla.mozilla.org/show_bug.cgi?id=464998
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11053
http://www.redhat.com/support/errata/RHSA-2008-1036.html
http://www.redhat.com/support/errata/RHSA-2008-1037.html
http://www.redhat.com/support/errata/RHSA-2009-0002.html
http://www.securitytracker.com/id?1021417
http://secunia.com/advisories/33184
http://secunia.com/advisories/33188
http://secunia.com/advisories/33189
http://secunia.com/advisories/33203
http://secunia.com/advisories/33204
http://secunia.com/advisories/33205
http://secunia.com/advisories/33216
http://secunia.com/advisories/33231
http://secunia.com/advisories/33232
http://secunia.com/advisories/33408
http://secunia.com/advisories/33415
http://secunia.com/advisories/33421
http://secunia.com/advisories/33433
http://secunia.com/advisories/33434
http://secunia.com/advisories/33523
http://secunia.com/advisories/33547
http://secunia.com/advisories/34501
http://secunia.com/advisories/35080
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1
https://usn.ubuntu.com/690-1/
http://www.ubuntu.com/usn/usn-690-2
https://usn.ubuntu.com/690-3/
http://www.ubuntu.com/usn/usn-701-1
http://www.ubuntu.com/usn/usn-701-2
http://www.vupen.com/english/advisories/2009/0977
XForce ISS Database: mozilla-layout-code-execution-var3(47406)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47406
Common Vulnerability Exposure (CVE) ID: CVE-2008-5501
https://bugzilla.mozilla.org/show_bug.cgi?id=395623
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10257
XForce ISS Database: mozilla-layout-code-execution-var4(47407)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47407
Common Vulnerability Exposure (CVE) ID: CVE-2008-5502
https://bugzilla.mozilla.org/show_bug.cgi?id=458679
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10001
XForce ISS Database: firefox-js-deflatestring-code-execution(47408)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47408
Common Vulnerability Exposure (CVE) ID: CVE-2008-5503
https://bugzilla.mozilla.org/show_bug.cgi?id=379959
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11423
http://www.securitytracker.com/id?1021424
XForce ISS Database: mozilla-xbl-information-disclosure(47409)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47409
Common Vulnerability Exposure (CVE) ID: CVE-2008-5506
https://bugzilla.mozilla.org/show_bug.cgi?id=458248
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10512
http://www.securitytracker.com/id?1021427
XForce ISS Database: mozilla-xmlhttprequest-302-info-disclosure(47412)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47412
Common Vulnerability Exposure (CVE) ID: CVE-2008-5507
Bugtraq: 20081218 Firefox cross-domain text theft (CESA-2008-011)
http://www.securityfocus.com/archive/1/499353/100/0/threaded
http://scary.beasts.org/security/CESA-2008-011.html
https://bugzilla.mozilla.org/show_bug.cgi?id=461735
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9376
http://www.securitytracker.com/id?1021423
XForce ISS Database: mozilla-javascripturl-infor-disclosure(47413)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47413
Common Vulnerability Exposure (CVE) ID: CVE-2008-5508
https://bugzilla.mozilla.org/show_bug.cgi?id=425046
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11040
http://www.securitytracker.com/id?1021426
XForce ISS Database: mozilla-urlparsing-weak-security(47414)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47414
Common Vulnerability Exposure (CVE) ID: CVE-2008-5511
https://bugzilla.mozilla.org/show_bug.cgi?id=451680
https://bugzilla.mozilla.org/show_bug.cgi?id=464174
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11881
http://www.securitytracker.com/id?1021418
XForce ISS Database: mozilla-xbl-security-bypass(47417)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47417
Common Vulnerability Exposure (CVE) ID: CVE-2008-5512
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9814
XForce ISS Database: mozilla-xpcnativewrappers-code-execution(47416)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47416
Common Vulnerability Exposure (CVE) ID: CVE-2008-5513
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10389
http://www.securitytracker.com/id?1021421
XForce ISS Database: firefox-sessionrestore-security-bypass(47418)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47418
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

© 1998-2021 E-Soft Inc. All rights reserved.