Test ID:	1.3.6.1.4.1.25623.1.0.68725
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2010:258 (mozilla-thunderbird)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to mozilla-thunderbird announced via advisory MDVSA-2010:258. Security issues were identified and fixed in mozilla-thunderbird: Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules (CVE-2010-3768). The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read (CVE-2010-3769). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-3776). Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-3777). Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-3778). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 Additionally, some packages which require so, have been rebuilt and are being provided as updates. Affected: 2009.0, 2010.0, 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:258 http://www.mozillamessaging.com/en-US/thunderbird/3.0.11/releasenotes/ Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3768 BugTraq ID: 45352 http://www.securityfocus.com/bid/45352 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:251 http://www.mandriva.com/security/advisories?name=MDVSA-2010:258 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12533 http://www.redhat.com/support/errata/RHSA-2010-0966.html http://www.redhat.com/support/errata/RHSA-2010-0969.html http://www.securitytracker.com/id?1024846 http://www.securitytracker.com/id?1024848 http://secunia.com/advisories/42716 http://secunia.com/advisories/42818 SuSE Security Announcement: SUSE-SA:2011:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html http://www.ubuntu.com/usn/USN-1019-1 http://www.ubuntu.com/usn/USN-1020-1 http://www.vupen.com/english/advisories/2011/0030 Common Vulnerability Exposure (CVE) ID: CVE-2010-3769 BugTraq ID: 45345 http://www.securityfocus.com/bid/45345 Debian Security Information: DSA-2132 (Google Search) http://www.debian.org/security/2010/dsa-2132 http://osvdb.org/69771 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12342 Common Vulnerability Exposure (CVE) ID: CVE-2010-3776 BugTraq ID: 45347 http://www.securityfocus.com/bid/45347 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12389 http://www.redhat.com/support/errata/RHSA-2010-0967.html http://www.redhat.com/support/errata/RHSA-2010-0968.html Common Vulnerability Exposure (CVE) ID: CVE-2010-3777 BugTraq ID: 45348 http://www.securityfocus.com/bid/45348 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12468 Common Vulnerability Exposure (CVE) ID: CVE-2010-3778 BugTraq ID: 45344 http://www.securityfocus.com/bid/45344 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12622
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.