Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-782-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.64324
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-782-1)
Summary:	The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-782-1 advisory.
Description:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-782-1 advisory. Vulnerability Insight: Several flaws were discovered in the JavaScript engine of Thunderbird. If a user had JavaScript enabled and were tricked into viewing malicious web content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1303, CVE-2009-1305, CVE-2009-1392, CVE-2009-1833, CVE-2009-1838) Several flaws were discovered in the way Thunderbird processed malformed URI schemes. If a user were tricked into viewing a malicious website and had JavaScript and plugins enabled, a remote attacker could execute arbitrary JavaScript or steal private data. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1309) Cefn Hoile discovered Thunderbird did not adequately protect against embedded third-party stylesheets. If JavaScript were enabled, an attacker could exploit this to perform script injection attacks using XBL bindings. (CVE-2009-1308) Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that Thunderbird did not properly handle error responses when connecting to a proxy server. If a user had JavaScript enabled while using Thunderbird to view websites and a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2009-1836) It was discovered that Thunderbird could be made to run scripts with elevated privileges. If a user had JavaScript enabled while having certain non-default add-ons installed and were tricked into viewing a malicious website, an attacker could cause a chrome privileged object, such as the browser sidebar, to run arbitrary code via interactions with the attacker controlled website. (CVE-2009-1841) Affected Software/OS: 'thunderbird' package(s) on Ubuntu 8.04, Ubuntu 8.10, Ubuntu 9.04. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1303 1022090 http://www.securitytracker.com/id?1022090 264308 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 34656 http://www.securityfocus.com/bid/34656 34758 http://secunia.com/advisories/34758 34780 http://secunia.com/advisories/34780 34843 http://secunia.com/advisories/34843 34844 http://secunia.com/advisories/34844 34894 http://secunia.com/advisories/34894 35042 http://secunia.com/advisories/35042 35065 http://secunia.com/advisories/35065 35536 http://secunia.com/advisories/35536 35602 http://secunia.com/advisories/35602 ADV-2009-1125 http://www.vupen.com/english/advisories/2009/1125 DSA-1797 http://www.debian.org/security/2009/dsa-1797 DSA-1830 http://www.debian.org/security/2009/dsa-1830 FEDORA-2009-3875 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html MDVSA-2009:111 http://www.mandriva.com/security/advisories?name=MDVSA-2009:111 MDVSA-2009:141 http://www.mandriva.com/security/advisories?name=MDVSA-2009:141 RHSA-2009:0436 http://www.redhat.com/support/errata/RHSA-2009-0436.html RHSA-2009:0437 http://rhn.redhat.com/errata/RHSA-2009-0437.html RHSA-2009:1125 http://www.redhat.com/support/errata/RHSA-2009-1125.html RHSA-2009:1126 http://www.redhat.com/support/errata/RHSA-2009-1126.html SSA:2009-178-01 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275 SUSE-SR:2009:010 http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html USN-764-1 https://usn.ubuntu.com/764-1/ USN-782-1 http://www.ubuntu.com/usn/usn-782-1 http://www.mozilla.org/security/announce/2009/mfsa2009-14.html https://bugzilla.mozilla.org/show_bug.cgi?id=453736 oval:org.mitre.oval:def:5810 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5810 oval:org.mitre.oval:def:5992 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5992 oval:org.mitre.oval:def:6151 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6151 oval:org.mitre.oval:def:6646 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6646 oval:org.mitre.oval:def:9455 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9455 Common Vulnerability Exposure (CVE) ID: CVE-2009-1305 https://bugzilla.mozilla.org/show_bug.cgi?id=476049 oval:org.mitre.oval:def:10110 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10110 oval:org.mitre.oval:def:6090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6090 oval:org.mitre.oval:def:6232 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6232 oval:org.mitre.oval:def:6248 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6248 oval:org.mitre.oval:def:6921 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6921 Common Vulnerability Exposure (CVE) ID: CVE-2009-1306 1022095 http://www.securitytracker.com/id?1022095 http://www.mozilla.org/security/announce/2009/mfsa2009-16.html https://bugzilla.mozilla.org/show_bug.cgi?id=474536 oval:org.mitre.oval:def:10150 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10150 oval:org.mitre.oval:def:6021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6021 oval:org.mitre.oval:def:6194 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6194 oval:org.mitre.oval:def:6312 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6312 oval:org.mitre.oval:def:6710 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6710 Common Vulnerability Exposure (CVE) ID: CVE-2009-1307 1022093 http://www.securitytracker.com/id?1022093 35561 http://secunia.com/advisories/35561 35882 http://secunia.com/advisories/35882 FEDORA-2009-7567 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html FEDORA-2009-7614 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html SSA:2009-176-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408 http://www.mozilla.org/security/announce/2009/mfsa2009-17.html https://bugzilla.mozilla.org/show_bug.cgi?id=481342 oval:org.mitre.oval:def:10972 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972 oval:org.mitre.oval:def:5933 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933 oval:org.mitre.oval:def:6154 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154 oval:org.mitre.oval:def:6266 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266 oval:org.mitre.oval:def:7008 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008 Common Vulnerability Exposure (CVE) ID: CVE-2009-1308 1022097 http://www.securitytracker.com/id?1022097 http://www.mozilla.org/security/announce/2009/mfsa2009-18.html http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/ https://bugzilla.mozilla.org/show_bug.cgi?id=481558 oval:org.mitre.oval:def:10428 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428 oval:org.mitre.oval:def:6173 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173 oval:org.mitre.oval:def:6185 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185 oval:org.mitre.oval:def:6296 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296 oval:org.mitre.oval:def:7285 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285 Common Vulnerability Exposure (CVE) ID: CVE-2009-1309 1022094 http://www.securitytracker.com/id?1022094 http://www.mozilla.org/security/announce/2009/mfsa2009-19.html https://bugzilla.mozilla.org/show_bug.cgi?id=478433 https://bugzilla.mozilla.org/show_bug.cgi?id=482206 oval:org.mitre.oval:def:5265 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5265 oval:org.mitre.oval:def:5591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5591 oval:org.mitre.oval:def:6139 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6139 oval:org.mitre.oval:def:6831 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6831 oval:org.mitre.oval:def:9494 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9494 Common Vulnerability Exposure (CVE) ID: CVE-2009-1392 1020800 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1 1022376 http://securitytracker.com/id?1022376 1022397 http://www.securitytracker.com/id?1022397 265068 http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1 35326 http://www.securityfocus.com/bid/35326 35331 http://secunia.com/advisories/35331 35370 http://www.securityfocus.com/bid/35370 35415 http://secunia.com/advisories/35415 35428 http://secunia.com/advisories/35428 35431 http://secunia.com/advisories/35431 35439 http://secunia.com/advisories/35439 35440 http://secunia.com/advisories/35440 35468 http://secunia.com/advisories/35468 55144 http://osvdb.org/55144 55145 http://osvdb.org/55145 55146 http://osvdb.org/55146 55147 http://osvdb.org/55147 ADV-2009-1572 http://www.vupen.com/english/advisories/2009/1572 ADV-2009-2152 http://www.vupen.com/english/advisories/2009/2152 DSA-1820 http://www.debian.org/security/2009/dsa-1820 FEDORA-2009-6366 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html FEDORA-2009-6411 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html RHSA-2009:1095 https://rhn.redhat.com/errata/RHSA-2009-1095.html RHSA-2009:1096 http://rhn.redhat.com/errata/RHSA-2009-1096.html SSA:2009-167-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468 http://www.mozilla.org/security/announce/2009/mfsa2009-24.html https://bugzilla.mozilla.org/show_bug.cgi?id=380359 https://bugzilla.mozilla.org/show_bug.cgi?id=429969 https://bugzilla.mozilla.org/show_bug.cgi?id=431086 https://bugzilla.mozilla.org/show_bug.cgi?id=432068 https://bugzilla.mozilla.org/show_bug.cgi?id=451341 https://bugzilla.mozilla.org/show_bug.cgi?id=472776 https://bugzilla.mozilla.org/show_bug.cgi?id=486398 https://bugzilla.mozilla.org/show_bug.cgi?id=489041 https://bugzilla.mozilla.org/show_bug.cgi?id=490410 https://bugzilla.mozilla.org/show_bug.cgi?id=490425 https://bugzilla.mozilla.org/show_bug.cgi?id=490513 https://bugzilla.redhat.com/show_bug.cgi?id=503568 oval:org.mitre.oval:def:9501 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9501 Common Vulnerability Exposure (CVE) ID: CVE-2009-1833 35372 http://www.securityfocus.com/bid/35372 55152 http://osvdb.org/55152 55153 http://osvdb.org/55153 55154 http://osvdb.org/55154 https://bugzilla.mozilla.org/show_bug.cgi?id=369696 https://bugzilla.mozilla.org/show_bug.cgi?id=426520 https://bugzilla.mozilla.org/show_bug.cgi?id=427196 https://bugzilla.mozilla.org/show_bug.cgi?id=487204 https://bugzilla.redhat.com/show_bug.cgi?id=503570 oval:org.mitre.oval:def:11487 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11487 Common Vulnerability Exposure (CVE) ID: CVE-2009-1836 1022396 http://www.securitytracker.com/id?1022396 35380 http://www.securityfocus.com/bid/35380 55160 http://osvdb.org/55160 http://research.microsoft.com/apps/pubs/default.aspx?id=79323 http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf http://www.mozilla.org/security/announce/2009/mfsa2009-27.html https://bugzilla.mozilla.org/show_bug.cgi?id=479880 https://bugzilla.redhat.com/show_bug.cgi?id=503578 oval:org.mitre.oval:def:11764 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11764 Common Vulnerability Exposure (CVE) ID: CVE-2009-1838 35383 http://www.securityfocus.com/bid/35383 55157 http://osvdb.org/55157 http://www.mozilla.org/security/announce/2009/mfsa2009-29.html https://bugzilla.mozilla.org/show_bug.cgi?id=489131 https://bugzilla.redhat.com/show_bug.cgi?id=503580 oval:org.mitre.oval:def:11080 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11080 Common Vulnerability Exposure (CVE) ID: CVE-2009-1841 35373 http://www.securityfocus.com/bid/35373 55159 http://osvdb.org/55159 http://www.mozilla.org/security/announce/2009/mfsa2009-32.html https://bugzilla.mozilla.org/show_bug.cgi?id=479560 https://bugzilla.redhat.com/show_bug.cgi?id=503583 oval:org.mitre.oval:def:9815 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9815
Copyright	Copyright (C) 2009 Greenbone AG