Test ID: | 1.3.6.1.4.1.25623.1.0.68345 |
Category: | Mandrake Local Security Checks |
Title: | Mandriva Security Advisory MDVSA-2010:211 (mozilla-thunderbird) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to mozilla-thunderbird announced via advisory MDVSA-2010:211.

Security issues were identified and fixed in mozilla-thunderbird:

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack (CVE-2010-3173).

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-3174, CVE-2010-3175, CVE-2010-3176).

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document (CVE-2010-3178).

Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method (CVE-2010-3179).

Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window (CVE-2010-3180).

A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory (CVE-2010-3182).

The LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted HTML document (CVE-2010-3183).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally, some packages which require so, have been rebuilt and are being provided as updates.

Affected: 2009.0, 2010.0, 2010.1

Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:211
http://www.mozillamessaging.com/en-US/thunderbird/3.0.9/releasenotes/

Risk factor : Critical

CVSS Score: 9.3 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-3173
Debian Security Information: DSA-2123
http://www.debian.org/security/2010/dsa-2123
http://www.mandriva.com/security/advisories?name=MDVSA-2010:210
http://www.mandriva.com/security/advisories?name=MDVSA-2010:211
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12118
http://www.redhat.com/support/errata/RHSA-2010-0781.html
http://www.redhat.com/support/errata/RHSA-2010-0782.html
http://secunia.com/advisories/41839
http://secunia.com/advisories/42867
http://www.ubuntu.com/usn/USN-1007-1
http://www.vupen.com/english/advisories/2011/0061

Common Vulnerability Exposure (CVE) ID: CVE-2010-3174
Debian Security Information: DSA-2124
http://www.debian.org/security/2010/dsa-2124
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11517

Common Vulnerability Exposure (CVE) ID: CVE-2010-3175
BugTraq ID: 44245
http://www.securityfocus.com/bid/44245
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11943
http://www.redhat.com/support/errata/RHSA-2010-0861.html
http://www.redhat.com/support/errata/RHSA-2010-0896.html
http://www.ubuntu.com/usn/USN-997-1
http://www.ubuntu.com/usn/USN-998-1

Common Vulnerability Exposure (CVE) ID: CVE-2010-3176
BugTraq ID: 44243
http://www.securityfocus.com/bid/44243
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12132
http://www.redhat.com/support/errata/RHSA-2010-0780.html

Common Vulnerability Exposure (CVE) ID: CVE-2010-3178
BugTraq ID: 44252
http://www.securityfocus.com/bid/44252
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12120

Common Vulnerability Exposure (CVE) ID: CVE-2010-3179
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11675

Common Vulnerability Exposure (CVE) ID: CVE-2010-3180
BugTraq ID: 44248
http://www.securityfocus.com/bid/44248
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12158

Common Vulnerability Exposure (CVE) ID: CVE-2010-3182
BugTraq ID: 44251
http://www.securityfocus.com/bid/44251
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13844

Common Vulnerability Exposure (CVE) ID: CVE-2010-3183
BugTraq ID: 44249
http://www.securityfocus.com/bid/44249
http://www.zerodayinitiative.com/advisories/ZDI-10-219/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11891 |
Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |