English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 114770 CVE descriptions
and 58768 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63657
Category:Fedora Local Security Checks
Title:Fedora Core 9 FEDORA-2009-2884 (thunderbird)
Summary:Fedora Core 9 FEDORA-2009-2884 (thunderbird)
Description:Description:
The remote host is missing an update to thunderbird
announced via advisory FEDORA-2009-2884.

Update Information:

Several flaws were found in the processing of malformed HTML mail content. An
HTML mail message containing malicious content could cause Thunderbird to crash
or, potentially, execute arbitrary code as the user running Thunderbird.
(CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774,
CVE-2009-0775) Several flaws were found in the way malformed content was
processed. An HTML mail message containing specially-crafted content could
potentially trick a Thunderbird user into surrendering sensitive information.
(CVE-2009-0355, CVE-2009-0776) Note: JavaScript support is disabled by
default in Thunderbird. None of the above issues are exploitable unless
JavaScript is enabled.

ChangeLog:

* Fri Mar 20 2009 Christopher Aillon - 2.0.0.21-1
- Update to 2.0.0.21

References:

[ 1 ] Bug #486355 - CVE-2009-0040 libpng arbitrary free() flaw
https://bugzilla.redhat.com/show_bug.cgi?id=486355
[ 2 ] Bug #483139 - CVE-2009-0352 Firefox layout crashes with evidence of memory corruption
https://bugzilla.redhat.com/show_bug.cgi?id=483139
[ 3 ] Bug #483141 - CVE-2009-0353 Firefox javascript crashes with evidence of memory corruption
https://bugzilla.redhat.com/show_bug.cgi?id=483141
[ 4 ] Bug #483143 - CVE-2009-0355 Firefox local file stealing with SessionStore
https://bugzilla.redhat.com/show_bug.cgi?id=483143
[ 5 ] Bug #488273 - CVE-2009-0772 Firefox 2 and 3 - Layout engine crashes
https://bugzilla.redhat.com/show_bug.cgi?id=488273
[ 6 ] Bug #488283 - CVE-2009-0774 Firefox 2 and 3 crashes in the JavaScript engine
https://bugzilla.redhat.com/show_bug.cgi?id=488283
[ 7 ] Bug #488287 - CVE-2009-0775 Firefox XUL Linked Clones Double Free Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=488287
[ 8 ] Bug #488290 - CVE-2009-0776 Firefox XML data theft via RDFXMLDataSource and cross-domain redirect
https://bugzilla.redhat.com/show_bug.cgi?id=488290

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update thunderbird' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2884

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0040
Bugtraq: 20090312 rPSA-2009-0046-1 libpng (Google Search)
http://www.securityfocus.com/archive/1/archive/1/501767/100/0/threaded
Bugtraq: 20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues (Google Search)
http://www.securityfocus.com/archive/1/archive/1/503912/100/0/threaded
Bugtraq: 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server (Google Search)
http://www.securityfocus.com/archive/1/archive/1/505990/100/0/threaded
http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
Debian Security Information: DSA-1750 (Google Search)
http://www.debian.org/security/2009/dsa-1750
Debian Security Information: DSA-1830 (Google Search)
http://www.debian.org/security/2009/dsa-1830
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
http://security.gentoo.org/glsa/glsa-200903-28.xml
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:051
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
http://www.mandriva.com/security/advisories?name=MDVSA-2009:083
http://www.redhat.com/support/errata/RHSA-2009-0315.html
http://www.redhat.com/support/errata/RHSA-2009-0325.html
http://www.redhat.com/support/errata/RHSA-2009-0333.html
http://www.redhat.com/support/errata/RHSA-2009-0340.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1
SuSE Security Announcement: SUSE-SR:2009:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
SuSE Security Announcement: SUSE-SA:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
SuSE Security Announcement: SUSE-SA:2009:023 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Cert/CC Advisory: TA09-218A
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
CERT/CC vulnerability note: VU#649212
http://www.kb.cert.org/vuls/id/649212
BugTraq ID: 33827
http://www.securityfocus.com/bid/33827
BugTraq ID: 33990
http://www.securityfocus.com/bid/33990
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458
http://secunia.com/advisories/34145
http://secunia.com/advisories/34210
http://secunia.com/advisories/34265
http://secunia.com/advisories/34272
http://secunia.com/advisories/34320
http://secunia.com/advisories/34388
http://secunia.com/advisories/34324
http://secunia.com/advisories/34462
http://secunia.com/advisories/34464
http://secunia.com/advisories/35074
http://secunia.com/advisories/35258
http://secunia.com/advisories/35302
http://secunia.com/advisories/35379
http://secunia.com/advisories/35386
http://secunia.com/advisories/36096
http://secunia.com/advisories/34137
http://secunia.com/advisories/34140
http://secunia.com/advisories/34143
http://secunia.com/advisories/34152
http://www.vupen.com/english/advisories/2009/0469
http://www.vupen.com/english/advisories/2009/0473
http://secunia.com/advisories/33970
http://secunia.com/advisories/33976
http://www.vupen.com/english/advisories/2009/0632
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1451
http://www.vupen.com/english/advisories/2009/1462
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1560
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2009/2172
XForce ISS Database: libpng-pointer-arrays-code-execution(48819)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48819
Common Vulnerability Exposure (CVE) ID: CVE-2009-0352
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:044
RedHat Security Advisories: RHSA-2009:0256
http://rhn.redhat.com/errata/RHSA-2009-0256.html
http://www.redhat.com/support/errata/RHSA-2009-0257.html
http://www.redhat.com/support/errata/RHSA-2009-0258.html
SuSE Security Announcement: SUSE-SA:2009:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
http://www.ubuntu.com/usn/usn-717-1
http://www.ubuntulinux.org/support/documentation/usn/usn-741-1
BugTraq ID: 33598
http://www.securityfocus.com/bid/33598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10699
http://secunia.com/advisories/33802
http://secunia.com/advisories/33831
http://secunia.com/advisories/33841
http://secunia.com/advisories/33846
http://secunia.com/advisories/34387
http://secunia.com/advisories/34417
http://secunia.com/advisories/34527
http://www.vupen.com/english/advisories/2009/0313
http://www.securitytracker.com/id?1021663
http://secunia.com/advisories/33799
http://secunia.com/advisories/33808
http://secunia.com/advisories/33809
http://secunia.com/advisories/33816
http://secunia.com/advisories/33869
Common Vulnerability Exposure (CVE) ID: CVE-2009-0353
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11193
Common Vulnerability Exposure (CVE) ID: CVE-2009-0772
Debian Security Information: DSA-1751 (Google Search)
http://www.debian.org/security/2009/dsa-1751
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5703
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6097
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6811
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9609
http://www.securitytracker.com/id?1021795
http://secunia.com/advisories/34383
Common Vulnerability Exposure (CVE) ID: CVE-2009-0774
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11138
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5947
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6057
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6121
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6945
Common Vulnerability Exposure (CVE) ID: CVE-2009-0775
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5806
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5816
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6207
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7584
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9681
http://www.securitytracker.com/id?1021796
Common Vulnerability Exposure (CVE) ID: CVE-2009-0355
http://www.ubuntu.com/usn/usn-717-2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9161
http://www.securitytracker.com/id?1021665
Common Vulnerability Exposure (CVE) ID: CVE-2009-0776
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5956
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6191
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7390
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9241
http://www.securitytracker.com/id?1021797
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 58768 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2017 E-Soft Inc. All rights reserved.