Test ID:	1.3.6.1.4.1.25623.1.0.63699
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-741-1)
Summary:	The remote host is missing an update for the 'mozilla-thunderbird, thunderbird' package(s) announced via the USN-741-1 advisory.
Description:	Summary: The remote host is missing an update for the 'mozilla-thunderbird, thunderbird' package(s) announced via the USN-741-1 advisory. Vulnerability Insight: Several flaws were discovered in the browser engine. If Javascript were enabled, an attacker could exploit these flaws to crash Thunderbird and possibly execute arbitrary code with user privileges. (CVE-2009-0352) Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user had Javascript enabled, these problems could allow a remote attacker to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0772, CVE-2009-0774) Georgi Guninski discovered a flaw when Thunderbird performed a cross-domain redirect. If a user had Javascript enabled, an attacker could bypass the same-origin policy in Thunderbird by utilizing nsIRDFService and steal private data from users authenticated to the redirected website. (CVE-2009-0776) Affected Software/OS: 'mozilla-thunderbird, thunderbird' package(s) on Ubuntu 6.06, Ubuntu 7.10, Ubuntu 8.04, Ubuntu 8.10. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0352 1021663 http://www.securitytracker.com/id?1021663 33598 http://www.securityfocus.com/bid/33598 33799 http://secunia.com/advisories/33799 33802 http://secunia.com/advisories/33802 33808 http://secunia.com/advisories/33808 33809 http://secunia.com/advisories/33809 33816 http://secunia.com/advisories/33816 33831 http://secunia.com/advisories/33831 33841 http://secunia.com/advisories/33841 33846 http://secunia.com/advisories/33846 33869 http://secunia.com/advisories/33869 34324 http://secunia.com/advisories/34324 34387 http://secunia.com/advisories/34387 34417 http://secunia.com/advisories/34417 34462 http://secunia.com/advisories/34462 34464 http://secunia.com/advisories/34464 34527 http://secunia.com/advisories/34527 ADV-2009-0313 http://www.vupen.com/english/advisories/2009/0313 DSA-1830 http://www.debian.org/security/2009/dsa-1830 FEDORA-2009-1399 https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html FEDORA-2009-2882 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html FEDORA-2009-2884 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html FEDORA-2009-3101 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html MDVSA-2009:044 http://www.mandriva.com/security/advisories?name=MDVSA-2009:044 MDVSA-2009:083 http://www.mandriva.com/security/advisories?name=MDVSA-2009:083 RHSA-2009:0256 http://rhn.redhat.com/errata/RHSA-2009-0256.html RHSA-2009:0257 http://www.redhat.com/support/errata/RHSA-2009-0257.html RHSA-2009:0258 http://www.redhat.com/support/errata/RHSA-2009-0258.html SSA:2009-083-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420 SSA:2009-083-03 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952 SUSE-SA:2009:009 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html SUSE-SA:2009:023 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html USN-717-1 http://www.ubuntu.com/usn/usn-717-1 USN-741-1 https://usn.ubuntu.com/741-1/ http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm http://www.mozilla.org/security/announce/2009/mfsa2009-01.html https://bugzilla.mozilla.org/show_bug.cgi?id=331088 https://bugzilla.mozilla.org/show_bug.cgi?id=401042 https://bugzilla.mozilla.org/show_bug.cgi?id=416461 https://bugzilla.mozilla.org/show_bug.cgi?id=420697 https://bugzilla.mozilla.org/show_bug.cgi?id=421839 https://bugzilla.mozilla.org/show_bug.cgi?id=422283 https://bugzilla.mozilla.org/show_bug.cgi?id=422301 https://bugzilla.mozilla.org/show_bug.cgi?id=431705 https://bugzilla.mozilla.org/show_bug.cgi?id=437142 https://bugzilla.mozilla.org/show_bug.cgi?id=449006 https://bugzilla.mozilla.org/show_bug.cgi?id=461027 oval:org.mitre.oval:def:10699 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10699 Common Vulnerability Exposure (CVE) ID: CVE-2009-0772 1021795 http://www.securitytracker.com/id?1021795 33990 http://www.securityfocus.com/bid/33990 34137 http://secunia.com/advisories/34137 34140 http://secunia.com/advisories/34140 34145 http://secunia.com/advisories/34145 34272 http://secunia.com/advisories/34272 34383 http://secunia.com/advisories/34383 ADV-2009-0632 http://www.vupen.com/english/advisories/2009/0632 DSA-1751 http://www.debian.org/security/2009/dsa-1751 MDVSA-2009:075 http://www.mandriva.com/security/advisories?name=MDVSA-2009:075 RHSA-2009:0315 http://www.redhat.com/support/errata/RHSA-2009-0315.html RHSA-2009:0325 http://www.redhat.com/support/errata/RHSA-2009-0325.html SUSE-SA:2009:012 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document http://www.mozilla.org/security/announce/2009/mfsa2009-07.html https://bugzilla.mozilla.org/show_bug.cgi?id=475136 oval:org.mitre.oval:def:5703 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5703 oval:org.mitre.oval:def:5945 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5945 oval:org.mitre.oval:def:6097 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6097 oval:org.mitre.oval:def:6811 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6811 oval:org.mitre.oval:def:9609 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9609 Common Vulnerability Exposure (CVE) ID: CVE-2009-0774 https://bugzilla.mozilla.org/show_bug.cgi?id=473709 oval:org.mitre.oval:def:11138 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11138 oval:org.mitre.oval:def:5947 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5947 oval:org.mitre.oval:def:6057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6057 oval:org.mitre.oval:def:6121 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6121 oval:org.mitre.oval:def:6945 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6945 Common Vulnerability Exposure (CVE) ID: CVE-2009-0776 1021797 http://www.securitytracker.com/id?1021797 http://www.mozilla.org/security/announce/2009/mfsa2009-09.html https://bugzilla.mozilla.org/show_bug.cgi?id=414540 oval:org.mitre.oval:def:5956 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5956 oval:org.mitre.oval:def:6017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6017 oval:org.mitre.oval:def:6191 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6191 oval:org.mitre.oval:def:7390 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7390 oval:org.mitre.oval:def:9241 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9241
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.