Test ID:	1.3.6.1.4.1.25623.1.0.68216
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-943-1 (thunderbird)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to thunderbird announced via advisory USN-943-1. Details follow: Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) An integer overflow was discovered in Thunderbird. If a user were tricked into viewing malicious content, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) If was discovered that Thunderbird could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1121) Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 10.04 LTS: thunderbird 3.0.5+build2+nobinonly-0ubuntu0.10.04.1 After a standard system update you need to restart Thunderbird to make all the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-943-1 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1121 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 http://news.cnet.com/8301-27080_3-20001126-245.html http://twitter.com/thezdi/statuses/11005277222 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10924 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6844 http://www.redhat.com/support/errata/RHSA-2010-0500.html http://www.redhat.com/support/errata/RHSA-2010-0501.html http://www.securitytracker.com/id?1023817 http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 SuSE Security Announcement: SUSE-SA:2010:030 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://ubuntu.com/usn/usn-930-1 http://www.ubuntu.com/usn/usn-930-2 http://www.vupen.com/english/advisories/2010/1557 http://www.vupen.com/english/advisories/2010/1592 http://www.vupen.com/english/advisories/2010/1640 http://www.vupen.com/english/advisories/2010/1773 Common Vulnerability Exposure (CVE) ID: CVE-2010-1196 BugTraq ID: 41050 http://www.securityfocus.com/bid/41050 BugTraq ID: 41087 http://www.securityfocus.com/bid/41087 http://www.mandriva.com/security/advisories?name=MDVSA-2010:125 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11424 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14017 http://www.securitytracker.com/id?1024138 http://www.securitytracker.com/id?1024139 http://www.vupen.com/english/advisories/2010/1551 XForce ISS Database: firefox-nsgenericdomdatanode-bo(59665) https://exchange.xforce.ibmcloud.com/vulnerabilities/59665 Common Vulnerability Exposure (CVE) ID: CVE-2010-1199 BugTraq ID: 41082 http://www.securityfocus.com/bid/41082 Bugtraq: 20100623 ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/511972/100/0/threaded http://www.exploit-db.com/exploits/14949 http://www.zerodayinitiative.com/advisories/ZDI-10-113 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10885 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13287 http://www.redhat.com/support/errata/RHSA-2010-0499.html http://www.vupen.com/english/advisories/2010/1556 XForce ISS Database: firefox-xslt-node-code-execution(59666) https://exchange.xforce.ibmcloud.com/vulnerabilities/59666 Common Vulnerability Exposure (CVE) ID: CVE-2010-1200 BugTraq ID: 41090 http://www.securityfocus.com/bid/41090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10816 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14326 XForce ISS Database: firefox-seamonkey-browser-code-exec(59659) https://exchange.xforce.ibmcloud.com/vulnerabilities/59659 Common Vulnerability Exposure (CVE) ID: CVE-2010-1201 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12671 Common Vulnerability Exposure (CVE) ID: CVE-2010-1202 BugTraq ID: 41094 http://www.securityfocus.com/bid/41094 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10889 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14308 XForce ISS Database: firefox-javascript-ce(59661) https://exchange.xforce.ibmcloud.com/vulnerabilities/59661 Common Vulnerability Exposure (CVE) ID: CVE-2010-1203 BugTraq ID: 41099 http://www.securityfocus.com/bid/41099 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10401 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8317 XForce ISS Database: mozilla-firefox-javascript-ce(59662) https://exchange.xforce.ibmcloud.com/vulnerabilities/59662
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.