English | Deutsch | Español | Português
 UserID:
 Passwd:
 new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   		     Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.70860
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-1122-3 (thunderbird-globalmenu)
Summary:Ubuntu USN-1122-3 (thunderbird-globalmenu)
Description:The remote host is missing an update to thunderbird-globalmenu
announced via advisory USN-1122-3.

Details:

USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A
regression was introduced which caused Thunderbird to display an empty menu
bar. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that there was a vulnerability in the memory handling of
certain types of content. An attacker could exploit this to possibly run
arbitrary code as the user running Thunderbird. (CVE-2011-0081)

It was discovered that Thunderbird incorrectly handled certain JavaScript
requests. If JavaScript were enabled, an attacker could exploit this to
possibly run arbitrary code as the user running Thunderbird.
(CVE-2011-0069)

Ian Beer discovered a vulnerability in the memory handling of a certain
types of documents. An attacker could exploit this to possibly run
arbitrary code as the user running Thunderbird. (CVE-2011-0070)

Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman
discovered several memory vulnerabilities. An attacker could exploit these
to possibly run arbitrary code as the user running Thunderbird.
(CVE-2011-0080)

Aki Helin discovered multiple vulnerabilities in the HTML rendering code.
An attacker could exploit these to possibly run arbitrary code as the user
running Thunderbird. (CVE-2011-0074, CVE-2011-0075)

Ian Beer discovered multiple overflow vulnerabilities. An attacker could
exploit these to possibly run arbitrary code as the user running
Thunderbird. (CVE-2011-0077, CVE-2011-0078)

Martin Barbella discovered a memory vulnerability in the handling of
certain DOM elements. An attacker could exploit this to possibly run
arbitrary code as the user running Thunderbird. (CVE-2011-0072)

It was discovered that there were use-after-free vulnerabilities in
Thunderbird's mChannel and mObserverList objects. An attacker could exploit
these to possibly run arbitrary code as the user running Thunderbird.
(CVE-2011-0065, CVE-2011-0066)

It was discovered that there was a vulnerability in the handling of the
nsTreeSelection element. An attacker sending a specially crafted E-Mail
could exploit this to possibly run arbitrary code as the user running
Thunderbird. (CVE-2011-0073)

Paul Stone discovered a vulnerability in the handling of Java applets. If
plugins were enabled, an attacker could use this to mimic interaction with
form autocomplete controls and steal entries from the form history.
(CVE-2011-0067)

Soroush Dalili discovered a vulnerability in the resource: protocol. This
could potentially allow an attacker to load arbitrary files that were
accessible to the user running Thunderbird. (CVE-2011-0071)

Chris Evans discovered a vulnerability in Thunderbird's XSLT generate-id()
function. An attacker could possibly use this vulnerability to make other
attacks more reliable. (CVE-2011-1202)

Solution:
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
thunderbird-globalmenu 3.1.10+build1+nobinonly-0ubuntu0.11.04.2

http://www.securityspace.com/smysecure/catid.html?in=USN-1122-3
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-0081
Debian Security Information: DSA-2227 (Google Search)
http://www.debian.org/security/2011/dsa-2227
Debian Security Information: DSA-2228 (Google Search)
http://www.debian.org/security/2011/dsa-2228
Debian Security Information: DSA-2235 (Google Search)
http://www.debian.org/security/2011/dsa-2235
http://www.mandriva.com/security/advisories?name=MDVSA-2011:080
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13993
Common Vulnerability Exposure (CVE) ID: CVE-2011-0069
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14065
Common Vulnerability Exposure (CVE) ID: CVE-2011-0070
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14286
Common Vulnerability Exposure (CVE) ID: CVE-2011-0080
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13866
Common Vulnerability Exposure (CVE) ID: CVE-2011-0074
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14317
Common Vulnerability Exposure (CVE) ID: CVE-2011-0075
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14086
Common Vulnerability Exposure (CVE) ID: CVE-2011-0077
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14193
Common Vulnerability Exposure (CVE) ID: CVE-2011-0078
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14246
Common Vulnerability Exposure (CVE) ID: CVE-2011-0072
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14038
Common Vulnerability Exposure (CVE) ID: CVE-2011-0065
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14142
http://securityreason.com/securityalert/8326
http://securityreason.com/securityalert/8331
http://securityreason.com/securityalert/8340
Common Vulnerability Exposure (CVE) ID: CVE-2011-0066
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13970
Common Vulnerability Exposure (CVE) ID: CVE-2011-0073
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14020
http://securityreason.com/securityalert/8310
Common Vulnerability Exposure (CVE) ID: CVE-2011-0067
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14523
Common Vulnerability Exposure (CVE) ID: CVE-2011-0071
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14058
Common Vulnerability Exposure (CVE) ID: CVE-2011-1202
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
BugTraq ID: 46785
http://www.securityfocus.com/bid/46785
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14244
http://www.vupen.com/english/advisories/2011/0628
XForce ISS Database: google-xslt-info-disclosure(65966)
http://xforce.iss.net/xforce/xfdb/65966
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  
 Forgot userid or passwd?
Email/Userid:



Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2013 E-Soft Inc. All rights reserved.