Test ID:	1.3.6.1.4.1.25623.1.0.840457
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-943-1)
Summary:	The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-943-1 advisory.
Description:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-943-1 advisory. Vulnerability Insight: Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) An integer overflow was discovered in Thunderbird. If a user were tricked into viewing malicious content, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) If was discovered that Thunderbird could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1121) Affected Software/OS: 'thunderbird' package(s) on Ubuntu 10.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1121 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 http://news.cnet.com/8301-27080_3-20001126-245.html http://twitter.com/thezdi/statuses/11005277222 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10924 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6844 http://www.redhat.com/support/errata/RHSA-2010-0500.html http://www.redhat.com/support/errata/RHSA-2010-0501.html http://www.securitytracker.com/id?1023817 http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 SuSE Security Announcement: SUSE-SA:2010:030 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://ubuntu.com/usn/usn-930-1 http://www.ubuntu.com/usn/usn-930-2 http://www.vupen.com/english/advisories/2010/1557 http://www.vupen.com/english/advisories/2010/1592 http://www.vupen.com/english/advisories/2010/1640 http://www.vupen.com/english/advisories/2010/1773 Common Vulnerability Exposure (CVE) ID: CVE-2010-1196 BugTraq ID: 41050 http://www.securityfocus.com/bid/41050 BugTraq ID: 41087 http://www.securityfocus.com/bid/41087 http://www.mandriva.com/security/advisories?name=MDVSA-2010:125 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11424 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14017 http://www.securitytracker.com/id?1024138 http://www.securitytracker.com/id?1024139 http://www.vupen.com/english/advisories/2010/1551 XForce ISS Database: firefox-nsgenericdomdatanode-bo(59665) https://exchange.xforce.ibmcloud.com/vulnerabilities/59665 Common Vulnerability Exposure (CVE) ID: CVE-2010-1199 BugTraq ID: 41082 http://www.securityfocus.com/bid/41082 Bugtraq: 20100623 ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/511972/100/0/threaded http://www.exploit-db.com/exploits/14949 http://www.zerodayinitiative.com/advisories/ZDI-10-113 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10885 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13287 http://www.redhat.com/support/errata/RHSA-2010-0499.html http://www.vupen.com/english/advisories/2010/1556 XForce ISS Database: firefox-xslt-node-code-execution(59666) https://exchange.xforce.ibmcloud.com/vulnerabilities/59666 Common Vulnerability Exposure (CVE) ID: CVE-2010-1200 BugTraq ID: 41090 http://www.securityfocus.com/bid/41090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10816 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14326 XForce ISS Database: firefox-seamonkey-browser-code-exec(59659) https://exchange.xforce.ibmcloud.com/vulnerabilities/59659 Common Vulnerability Exposure (CVE) ID: CVE-2010-1201 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12671 Common Vulnerability Exposure (CVE) ID: CVE-2010-1202 BugTraq ID: 41094 http://www.securityfocus.com/bid/41094 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10889 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14308 XForce ISS Database: firefox-javascript-ce(59661) https://exchange.xforce.ibmcloud.com/vulnerabilities/59661 Common Vulnerability Exposure (CVE) ID: CVE-2010-1203 BugTraq ID: 41099 http://www.securityfocus.com/bid/41099 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10401 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8317 XForce ISS Database: mozilla-firefox-javascript-ce(59662) https://exchange.xforce.ibmcloud.com/vulnerabilities/59662
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.