Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64279
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2009:1126
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2009:1126.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833,
CVE-2009-1838)

Several flaws were found in the way malformed HTML mail content was
processed. An HTML mail message containing malicious content could execute
arbitrary JavaScript in the context of the mail message, possibly
presenting misleading data to the user, or stealing sensitive information
such as login credentials. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1308,
CVE-2009-1309)

A flaw was found in the way Thunderbird handled error responses returned
from proxy servers. If an attacker is able to conduct a man-in-the-middle
attack against a Thunderbird instance that is using a proxy server, they
may be able to steal sensitive information from the site Thunderbird is
displaying. (CVE-2009-1836)

Note: JavaScript support is disabled by default in Thunderbird. None of the
above issues are exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-1126.html
http://www.redhat.com/security/updates/classification/#moderate

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-1303
BugTraq ID: 34656
http://www.securityfocus.com/bid/34656
Debian Security Information: DSA-1797 (Google Search)
http://www.debian.org/security/2009/dsa-1797
Debian Security Information: DSA-1830 (Google Search)
http://www.debian.org/security/2009/dsa-1830
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5810
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5992
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6151
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6646
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9455
http://www.redhat.com/support/errata/RHSA-2009-0436.html
RedHat Security Advisories: RHSA-2009:0437
http://rhn.redhat.com/errata/RHSA-2009-0437.html
http://www.redhat.com/support/errata/RHSA-2009-1125.html
http://www.redhat.com/support/errata/RHSA-2009-1126.html
http://www.securitytracker.com/id?1022090
http://secunia.com/advisories/34758
http://secunia.com/advisories/34780
http://secunia.com/advisories/34843
http://secunia.com/advisories/34844
http://secunia.com/advisories/34894
http://secunia.com/advisories/35042
http://secunia.com/advisories/35065
http://secunia.com/advisories/35536
http://secunia.com/advisories/35602
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
https://usn.ubuntu.com/764-1/
http://www.ubuntu.com/usn/usn-782-1
http://www.vupen.com/english/advisories/2009/1125
Common Vulnerability Exposure (CVE) ID: CVE-2009-1305
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10110
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6090
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6232
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6248
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6921
Common Vulnerability Exposure (CVE) ID: CVE-2009-1306
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6312
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6710
http://www.securitytracker.com/id?1022095
Common Vulnerability Exposure (CVE) ID: CVE-2009-1307
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008
http://www.securitytracker.com/id?1022093
http://secunia.com/advisories/35561
http://secunia.com/advisories/35882
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
Common Vulnerability Exposure (CVE) ID: CVE-2009-1308
http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285
http://www.securitytracker.com/id?1022097
Common Vulnerability Exposure (CVE) ID: CVE-2009-1309
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5265
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6139
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6831
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9494
http://www.securitytracker.com/id?1022094
Common Vulnerability Exposure (CVE) ID: CVE-2009-1392
BugTraq ID: 35326
http://www.securityfocus.com/bid/35326
BugTraq ID: 35370
http://www.securityfocus.com/bid/35370
Debian Security Information: DSA-1820 (Google Search)
http://www.debian.org/security/2009/dsa-1820
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
http://osvdb.org/55144
http://osvdb.org/55145
http://osvdb.org/55146
http://osvdb.org/55147
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9501
RedHat Security Advisories: RHSA-2009:1095
https://rhn.redhat.com/errata/RHSA-2009-1095.html
RedHat Security Advisories: RHSA-2009:1096
http://rhn.redhat.com/errata/RHSA-2009-1096.html
http://securitytracker.com/id?1022376
http://www.securitytracker.com/id?1022397
http://secunia.com/advisories/35331
http://secunia.com/advisories/35415
http://secunia.com/advisories/35428
http://secunia.com/advisories/35431
http://secunia.com/advisories/35439
http://secunia.com/advisories/35440
http://secunia.com/advisories/35468
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1
http://www.vupen.com/english/advisories/2009/1572
http://www.vupen.com/english/advisories/2009/2152
Common Vulnerability Exposure (CVE) ID: CVE-2009-1833
BugTraq ID: 35372
http://www.securityfocus.com/bid/35372
http://osvdb.org/55152
http://osvdb.org/55153
http://osvdb.org/55154
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11487
Common Vulnerability Exposure (CVE) ID: CVE-2009-1836
BugTraq ID: 35380
http://www.securityfocus.com/bid/35380
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
http://osvdb.org/55160
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11764
http://www.securitytracker.com/id?1022396
Common Vulnerability Exposure (CVE) ID: CVE-2009-1838
BugTraq ID: 35383
http://www.securityfocus.com/bid/35383
http://osvdb.org/55157
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11080
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.