Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67911
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0682
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0682.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-3169)

A buffer overflow flaw was found in Thunderbird. An HTML mail message
containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2010-2765)

A use-after-free flaw and several dangling pointer flaws were found in
Thunderbird. An HTML mail message containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2010-2760, CVE-2010-2767,
CVE-2010-3167, CVE-2010-3168)

A cross-site scripting (XSS) flaw was found in Thunderbird. Remote HTML
content could cause Thunderbird to execute JavaScript code with the
permissions of different remote HTML content. (CVE-2010-2768)

Note: JavaScript support is disabled by default in Thunderbird. None of the
above issues are exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0682.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-2760
Debian Security Information: DSA-2106 (Google Search)
http://www.debian.org/security/2010/dsa-2106
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:173
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11799
http://secunia.com/advisories/42867
SuSE Security Announcement: SUSE-SA:2010:049 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
http://www.vupen.com/english/advisories/2010/2323
http://www.vupen.com/english/advisories/2011/0061
XForce ISS Database: mozilla-nstreeselection-code-execution(61660)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61660
Common Vulnerability Exposure (CVE) ID: CVE-2010-2765
BugTraq ID: 43095
http://www.securityfocus.com/bid/43095
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11519
Common Vulnerability Exposure (CVE) ID: CVE-2010-2767
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11969
XForce ISS Database: mozilla-pointer-code-execution(61658)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61658
Common Vulnerability Exposure (CVE) ID: CVE-2010-2768
BugTraq ID: 43101
http://www.securityfocus.com/bid/43101
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11735
Common Vulnerability Exposure (CVE) ID: CVE-2010-3167
BugTraq ID: 43097
http://www.securityfocus.com/bid/43097
http://www.zerodayinitiative.com/advisories/ZDI-10-171/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12136
XForce ISS Database: mozilla-nstreecontentview-code-execution(61661)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61661
Common Vulnerability Exposure (CVE) ID: CVE-2010-3168
BugTraq ID: 43108
http://www.securityfocus.com/bid/43108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12001
XForce ISS Database: firefox-xultree-objects-code-exec(61653)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61653
Common Vulnerability Exposure (CVE) ID: CVE-2010-3169
BugTraq ID: 43118
http://www.securityfocus.com/bid/43118
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12145
XForce ISS Database: mozilla-safety-code-execution(61657)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61657
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.