English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63636
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2009:0258
Summary:The remote host is missing updates announced in;advisory RHSA-2009:0258.;;Mozilla Thunderbird is a standalone mail and newsgroup client.;;Several flaws were found in the processing of malformed HTML mail content.;An HTML mail message containing malicious content could cause Thunderbird;to crash or, potentially, execute arbitrary code as the user running;Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774,;CVE-2009-0775);;Several flaws were found in the way malformed content was processed. An;HTML mail message containing specially-crafted content could potentially;trick a Thunderbird user into surrendering sensitive information.;(CVE-2009-0355, CVE-2009-0776);;Note: JavaScript support is disabled by default in Thunderbird. None of;the above issues are exploitable unless JavaScript is enabled.;;All Thunderbird users should upgrade to this updated package, which;resolves these issues. All running instances of Thunderbird must be;restarted for the update to take effect.
Description:Summary:
The remote host is missing updates announced in
advisory RHSA-2009:0258.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774,
CVE-2009-0775)

Several flaws were found in the way malformed content was processed. An
HTML mail message containing specially-crafted content could potentially
trick a Thunderbird user into surrendering sensitive information.
(CVE-2009-0355, CVE-2009-0776)

Note: JavaScript support is disabled by default in Thunderbird. None of
the above issues are exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0352
1021663
http://www.securitytracker.com/id?1021663
33598
http://www.securityfocus.com/bid/33598
33799
http://secunia.com/advisories/33799
33802
http://secunia.com/advisories/33802
33808
http://secunia.com/advisories/33808
33809
http://secunia.com/advisories/33809
33816
http://secunia.com/advisories/33816
33831
http://secunia.com/advisories/33831
33841
http://secunia.com/advisories/33841
33846
http://secunia.com/advisories/33846
33869
http://secunia.com/advisories/33869
34324
http://secunia.com/advisories/34324
34387
http://secunia.com/advisories/34387
34417
http://secunia.com/advisories/34417
34462
http://secunia.com/advisories/34462
34464
http://secunia.com/advisories/34464
34527
http://secunia.com/advisories/34527
ADV-2009-0313
http://www.vupen.com/english/advisories/2009/0313
DSA-1830
http://www.debian.org/security/2009/dsa-1830
FEDORA-2009-1399
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html
FEDORA-2009-2882
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
FEDORA-2009-2884
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
FEDORA-2009-3101
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html
MDVSA-2009:044
http://www.mandriva.com/security/advisories?name=MDVSA-2009:044
MDVSA-2009:083
http://www.mandriva.com/security/advisories?name=MDVSA-2009:083
RHSA-2009:0256
http://rhn.redhat.com/errata/RHSA-2009-0256.html
RHSA-2009:0257
http://www.redhat.com/support/errata/RHSA-2009-0257.html
RHSA-2009:0258
http://www.redhat.com/support/errata/RHSA-2009-0258.html
SSA:2009-083-02
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
SSA:2009-083-03
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
SUSE-SA:2009:009
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
SUSE-SA:2009:023
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
USN-717-1
http://www.ubuntu.com/usn/usn-717-1
USN-741-1
https://usn.ubuntu.com/741-1/
http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm
http://www.mozilla.org/security/announce/2009/mfsa2009-01.html
https://bugzilla.mozilla.org/show_bug.cgi?id=331088
https://bugzilla.mozilla.org/show_bug.cgi?id=401042
https://bugzilla.mozilla.org/show_bug.cgi?id=416461
https://bugzilla.mozilla.org/show_bug.cgi?id=420697
https://bugzilla.mozilla.org/show_bug.cgi?id=421839
https://bugzilla.mozilla.org/show_bug.cgi?id=422283
https://bugzilla.mozilla.org/show_bug.cgi?id=422301
https://bugzilla.mozilla.org/show_bug.cgi?id=431705
https://bugzilla.mozilla.org/show_bug.cgi?id=437142
https://bugzilla.mozilla.org/show_bug.cgi?id=449006
https://bugzilla.mozilla.org/show_bug.cgi?id=461027
oval:org.mitre.oval:def:10699
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10699
Common Vulnerability Exposure (CVE) ID: CVE-2009-0353
https://bugzilla.mozilla.org/show_bug.cgi?id=452913
oval:org.mitre.oval:def:11193
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11193
Common Vulnerability Exposure (CVE) ID: CVE-2009-0355
1021665
http://www.securitytracker.com/id?1021665
USN-717-2
http://www.ubuntu.com/usn/usn-717-2
http://www.mozilla.org/security/announce/2009/mfsa2009-03.html
https://bugzilla.mozilla.org/show_bug.cgi?id=466937
oval:org.mitre.oval:def:9161
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9161
Common Vulnerability Exposure (CVE) ID: CVE-2009-0772
1021795
http://www.securitytracker.com/id?1021795
33990
http://www.securityfocus.com/bid/33990
34137
http://secunia.com/advisories/34137
34140
http://secunia.com/advisories/34140
34145
http://secunia.com/advisories/34145
34272
http://secunia.com/advisories/34272
34383
http://secunia.com/advisories/34383
ADV-2009-0632
http://www.vupen.com/english/advisories/2009/0632
DSA-1751
http://www.debian.org/security/2009/dsa-1751
MDVSA-2009:075
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
RHSA-2009:0315
http://www.redhat.com/support/errata/RHSA-2009-0315.html
RHSA-2009:0325
http://www.redhat.com/support/errata/RHSA-2009-0325.html
SUSE-SA:2009:012
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
http://www.mozilla.org/security/announce/2009/mfsa2009-07.html
https://bugzilla.mozilla.org/show_bug.cgi?id=475136
oval:org.mitre.oval:def:5703
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5703
oval:org.mitre.oval:def:5945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5945
oval:org.mitre.oval:def:6097
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6097
oval:org.mitre.oval:def:6811
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6811
oval:org.mitre.oval:def:9609
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9609
Common Vulnerability Exposure (CVE) ID: CVE-2009-0774
https://bugzilla.mozilla.org/show_bug.cgi?id=473709
oval:org.mitre.oval:def:11138
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11138
oval:org.mitre.oval:def:5947
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5947
oval:org.mitre.oval:def:6057
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6057
oval:org.mitre.oval:def:6121
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6121
oval:org.mitre.oval:def:6945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6945
Common Vulnerability Exposure (CVE) ID: CVE-2009-0775
1021796
http://www.securitytracker.com/id?1021796
http://www.mozilla.org/security/announce/2009/mfsa2009-08.html
https://bugzilla.mozilla.org/show_bug.cgi?id=474456
oval:org.mitre.oval:def:5806
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5806
oval:org.mitre.oval:def:5816
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5816
oval:org.mitre.oval:def:6207
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6207
oval:org.mitre.oval:def:7584
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7584
oval:org.mitre.oval:def:9681
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9681
Common Vulnerability Exposure (CVE) ID: CVE-2009-0776
1021797
http://www.securitytracker.com/id?1021797
http://www.mozilla.org/security/announce/2009/mfsa2009-09.html
https://bugzilla.mozilla.org/show_bug.cgi?id=414540
oval:org.mitre.oval:def:5956
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5956
oval:org.mitre.oval:def:6017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6017
oval:org.mitre.oval:def:6191
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6191
oval:org.mitre.oval:def:7390
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7390
oval:org.mitre.oval:def:9241
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9241
CopyrightCopyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.