Test ID:	1.3.6.1.4.1.25623.1.0.66973
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2010:051 (mozilla-thunderbird)
Summary:	Mandriva Security Advisory MDVSA-2010:051 (mozilla-thunderbird)
Description:	The remote host is missing an update to mozilla-thunderbird announced via advisory MDVSA-2010:051. A vulnerabilitiy has been found and corrected in mozilla-thunderbird: Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called (CVE-2009-1571). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. Affected: 2008.0, 2009.1, 2010.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:051 http://www.mozilla.org/security/announce/2010/mfsa2010-03.html Risk factor : Critical
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1571 Bugtraq: 20100218 Secunia Research: Mozilla Firefox Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/509585/100/0/threaded http://secunia.com/secunia_research/2009-45/ Debian Security Information: DSA-1999 (Google Search) http://www.debian.org/security/2010/dsa-1999 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 http://www.mandriva.com/security/advisories?name=MDVSA-2010:051 http://www.redhat.com/support/errata/RHSA-2010-0112.html http://www.redhat.com/support/errata/RHSA-2010-0113.html http://www.redhat.com/support/errata/RHSA-2010-0153.html http://www.redhat.com/support/errata/RHSA-2010-0154.html SuSE Security Announcement: SUSE-SA:2010:015 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://www.ubuntu.com/usn/USN-895-1 http://www.ubuntu.com/usn/USN-896-1 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11227 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8615 http://secunia.com/advisories/37242 http://secunia.com/advisories/38770 http://secunia.com/advisories/38772 http://secunia.com/advisories/38847 http://www.vupen.com/english/advisories/2010/0405 http://www.vupen.com/english/advisories/2010/0650 XForce ISS Database: mozilla-htmlparser-code-exec(56361) http://xforce.iss.net/xforce/xfdb/56361
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: