English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.831729
Category:Mandrake Local Security Checks
Title:Mandriva Update for mozilla-thunderbird MDVSA-2012:147 (mozilla-thunderbird)
Summary:The remote host is missing an update for the 'mozilla-thunderbird'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'mozilla-thunderbird'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Security issues were identified and fixed in mozilla thunderbird:

Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2012-1971).

In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled,
but are potentially a risk in browser or browser-like contexts in
those products (CVE-2012-1970).

Security researcher Abhishek Arya (Inferno) of Google Chrome Security
Team discovered a series of use-after-free issues using the Address
Sanitizer tool. Many of these issues are potentially exploitable,
allowing for remote code execution (CVE-2012-1972, CVE-2012-1973,
CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956,
CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960,
CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964).

Security researcher Mariusz Mlynski reported that it is possible to
shadow the location object using Object.defineProperty. This could
be used to confuse the current location to plugins, allowing for
possible cross-site scripting (XSS) attacks (CVE-2012-1956).

Security researcher Frederic Hoguin reported two related issues with
the decoding of bitmap (.BMP) format images embedded in icon (.ICO)
format files. When processing a negative height header value for
the bitmap image, a memory corruption can be induced, allowing an
attacker to write random memory and cause a crash. This crash may be
potentially exploitable (CVE-2012-3966).

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
mozilla-thunderbird on Mandriva Linux 2011.0

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-1971
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16841
SuSE Security Announcement: SUSE-SU-2012:1157 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html
SuSE Security Announcement: SUSE-SU-2012:1167 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html
http://www.ubuntu.com/usn/USN-1548-1
http://www.ubuntu.com/usn/USN-1548-2
Common Vulnerability Exposure (CVE) ID: CVE-2012-1970
BugTraq ID: 55266
http://www.securityfocus.com/bid/55266
Debian Security Information: DSA-2553 (Google Search)
http://www.debian.org/security/2012/dsa-2553
Debian Security Information: DSA-2554 (Google Search)
http://www.debian.org/security/2012/dsa-2554
Debian Security Information: DSA-2556 (Google Search)
http://www.debian.org/security/2012/dsa-2556
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16910
RedHat Security Advisories: RHSA-2012:1210
http://rhn.redhat.com/errata/RHSA-2012-1210.html
RedHat Security Advisories: RHSA-2012:1211
http://rhn.redhat.com/errata/RHSA-2012-1211.html
SuSE Security Announcement: openSUSE-SU-2012:1065 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-1972
BugTraq ID: 55314
http://www.securityfocus.com/bid/55314
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17017
Common Vulnerability Exposure (CVE) ID: CVE-2012-1973
BugTraq ID: 55316
http://www.securityfocus.com/bid/55316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17045
Common Vulnerability Exposure (CVE) ID: CVE-2012-1974
BugTraq ID: 55317
http://www.securityfocus.com/bid/55317
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17015
Common Vulnerability Exposure (CVE) ID: CVE-2012-1975
BugTraq ID: 55318
http://www.securityfocus.com/bid/55318
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17040
Common Vulnerability Exposure (CVE) ID: CVE-2012-1976
BugTraq ID: 55319
http://www.securityfocus.com/bid/55319
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16818
Common Vulnerability Exposure (CVE) ID: CVE-2012-3956
BugTraq ID: 55320
http://www.securityfocus.com/bid/55320
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16997
Common Vulnerability Exposure (CVE) ID: CVE-2012-3957
BugTraq ID: 55341
http://www.securityfocus.com/bid/55341
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16940
Common Vulnerability Exposure (CVE) ID: CVE-2012-3958
BugTraq ID: 55323
http://www.securityfocus.com/bid/55323
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16782
Common Vulnerability Exposure (CVE) ID: CVE-2012-3959
BugTraq ID: 55324
http://www.securityfocus.com/bid/55324
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16805
Common Vulnerability Exposure (CVE) ID: CVE-2012-3960
BugTraq ID: 55325
http://www.securityfocus.com/bid/55325
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16853
Common Vulnerability Exposure (CVE) ID: CVE-2012-3961
BugTraq ID: 55321
http://www.securityfocus.com/bid/55321
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16514
Common Vulnerability Exposure (CVE) ID: CVE-2012-3962
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16494
Common Vulnerability Exposure (CVE) ID: CVE-2012-3963
BugTraq ID: 55340
http://www.securityfocus.com/bid/55340
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16437
Common Vulnerability Exposure (CVE) ID: CVE-2012-3964
BugTraq ID: 55322
http://www.securityfocus.com/bid/55322
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16857
Common Vulnerability Exposure (CVE) ID: CVE-2012-1956
BugTraq ID: 55260
http://www.securityfocus.com/bid/55260
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16367
RedHat Security Advisories: RHSA-2012:1351
http://rhn.redhat.com/errata/RHSA-2012-1351.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-3966
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16246
Common Vulnerability Exposure (CVE) ID: CVE-2012-3968
BugTraq ID: 55276
http://www.securityfocus.com/bid/55276
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16280
Common Vulnerability Exposure (CVE) ID: CVE-2012-3967
BugTraq ID: 55277
http://www.securityfocus.com/bid/55277
Common Vulnerability Exposure (CVE) ID: CVE-2012-3969
BugTraq ID: 55292
http://www.securityfocus.com/bid/55292
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16635
Common Vulnerability Exposure (CVE) ID: CVE-2012-3970
BugTraq ID: 55278
http://www.securityfocus.com/bid/55278
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16876
Common Vulnerability Exposure (CVE) ID: CVE-2012-3971
BugTraq ID: 55304
http://www.securityfocus.com/bid/55304
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16062
Common Vulnerability Exposure (CVE) ID: CVE-2012-3972
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16234
Common Vulnerability Exposure (CVE) ID: CVE-2012-3974
BugTraq ID: 55312
http://www.securityfocus.com/bid/55312
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16692
Common Vulnerability Exposure (CVE) ID: CVE-2012-3975
BugTraq ID: 55311
http://www.securityfocus.com/bid/55311
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16855
Common Vulnerability Exposure (CVE) ID: CVE-2012-3978
BugTraq ID: 55306
http://www.securityfocus.com/bid/55306
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16923
Common Vulnerability Exposure (CVE) ID: CVE-2012-3980
BugTraq ID: 55257
http://www.securityfocus.com/bid/55257
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17000
CopyrightCopyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.