| Description: | Summary:
The remote host is missing an update for the 'mozilla-thunderbird'
package(s) announced via the referenced advisory.
Vulnerability Insight:
Security issues were identified and fixed in mozilla-thunderbird:
Security researcher Soroush Dalili reported that the resource:
protocol could be exploited to allow directory traversal on
Windows and the potential loading of resources from non-permitted
locations. The impact would depend on whether interesting files
existed in predictable locations in a useful format. For example,
the existence or non-existence of particular images might indicate
whether certain software was installed (CVE-2011-0071).
Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2011-0081,
CVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074,
CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072).
The mozilla-thunderbird-lightning package shipped with MDVSA-2011:042
had a packaging bug that prevented extension to be loaded (#59951).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
Affected Software/OS:
mozilla-thunderbird on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64
Solution:
Please Install the Updated Packages.
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
