English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.841083
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-1510-1)
Summary:The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-1510-1 advisory.
Description:Summary:
The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-1510-1 advisory.

Vulnerability Insight:
Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith,
Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered
memory safety issues affecting Thunderbird. If the user were tricked into
opening a specially crafted page, an attacker could possibly exploit these to
cause a denial of service via application crash, or potentially execute code
with the privileges of the user invoking Thunderbird. (CVE-2012-1948,
CVE-2012-1949)

Abhishek Arya discovered four memory safety issues affecting Thunderbird. If
the user were tricked into opening a specially crafted page, an attacker could
possibly exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Thunderbird.
(CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)

Mariusz Mlynski discovered that the address bar may be incorrectly updated.
Calls to history.forward and history.back could be used to navigate to a site
while the address bar still displayed the previous site. A remote attacker
could exploit this to conduct phishing attacks. (CVE-2012-1955)

Mario Heiderich discovered that HTML tags were not filtered out of the
HTML of RSS feeds. A remote attacker could exploit this to
conduct cross-site scripting (XSS) attacks via javascript execution in the HTML
feed view. (CVE-2012-1957)

Arthur Gerkis discovered a use-after-free vulnerability. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Thunderbird.
(CVE-2012-1958)

Bobby Holley discovered that same-compartment security wrappers (SCSW) could be
bypassed to allow XBL access. If the user were tricked into opening a specially
crafted page, an attacker could possibly exploit this to execute code with the
privileges of the user invoking Thunderbird. (CVE-2012-1959)

Tony Payne discovered an out-of-bounds memory read in Mozilla's color
management library (QCMS). If the user were tricked into opening a specially
crafted color profile, an attacker could possibly exploit this to cause a
denial of service via application crash. (CVE-2012-1960)

Frederic Buclin discovered that the X-Frame-Options header was ignored when its
value was specified multiple times. An attacker could exploit this to conduct
clickjacking attacks. (CVE-2012-1961)

Bill Keese discovered a memory corruption vulnerability. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Thunderbird.
(CVE-2012-1962)

Karthikeyan Bhargavan discovered an information leakage vulnerability in the
Content Security Policy (CSP) 1.0 ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'thunderbird' package(s) on Ubuntu 10.04, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-1948
BugTraq ID: 54580
http://www.securityfocus.com/bid/54580
Debian Security Information: DSA-2514 (Google Search)
http://www.debian.org/security/2012/dsa-2514
Debian Security Information: DSA-2528 (Google Search)
http://www.debian.org/security/2012/dsa-2528
http://osvdb.org/84007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16744
RedHat Security Advisories: RHSA-2012:1088
http://rhn.redhat.com/errata/RHSA-2012-1088.html
http://www.securitytracker.com/id?1027256
http://www.securitytracker.com/id?1027257
http://www.securitytracker.com/id?1027258
http://secunia.com/advisories/49963
http://secunia.com/advisories/49964
http://secunia.com/advisories/49965
http://secunia.com/advisories/49968
http://secunia.com/advisories/49972
http://secunia.com/advisories/49977
http://secunia.com/advisories/49979
http://secunia.com/advisories/49992
http://secunia.com/advisories/49993
http://secunia.com/advisories/49994
SuSE Security Announcement: SUSE-SU-2012:0895 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html
SuSE Security Announcement: SUSE-SU-2012:0896 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html
SuSE Security Announcement: openSUSE-SU-2012:0899 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html
SuSE Security Announcement: openSUSE-SU-2012:0917 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html
http://www.ubuntu.com/usn/USN-1509-1
http://www.ubuntu.com/usn/USN-1509-2
http://www.ubuntu.com/usn/USN-1510-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-1949
http://osvdb.org/84006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17027
Common Vulnerability Exposure (CVE) ID: CVE-2012-1951
BugTraq ID: 54578
http://www.securityfocus.com/bid/54578
http://osvdb.org/83997
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16077
Common Vulnerability Exposure (CVE) ID: CVE-2012-1952
http://osvdb.org/83999
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16942
Common Vulnerability Exposure (CVE) ID: CVE-2012-1953
http://osvdb.org/83998
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16894
Common Vulnerability Exposure (CVE) ID: CVE-2012-1954
http://osvdb.org/83995
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16984
Common Vulnerability Exposure (CVE) ID: CVE-2012-1955
BugTraq ID: 54586
http://www.securityfocus.com/bid/54586
http://osvdb.org/83996
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17004
Common Vulnerability Exposure (CVE) ID: CVE-2012-1957
BugTraq ID: 54583
http://www.securityfocus.com/bid/54583
http://osvdb.org/84000
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16844
Common Vulnerability Exposure (CVE) ID: CVE-2012-1958
BugTraq ID: 54574
http://www.securityfocus.com/bid/54574
http://osvdb.org/84001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16434
Common Vulnerability Exposure (CVE) ID: CVE-2012-1959
BugTraq ID: 54576
http://www.securityfocus.com/bid/54576
http://osvdb.org/84002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16920
Common Vulnerability Exposure (CVE) ID: CVE-2012-1960
BugTraq ID: 54572
http://www.securityfocus.com/bid/54572
http://osvdb.org/84010
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16735
Common Vulnerability Exposure (CVE) ID: CVE-2012-1961
BugTraq ID: 54584
http://www.securityfocus.com/bid/54584
http://osvdb.org/84003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16993
Common Vulnerability Exposure (CVE) ID: CVE-2012-1962
BugTraq ID: 54575
http://www.securityfocus.com/bid/54575
http://osvdb.org/84004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16729
Common Vulnerability Exposure (CVE) ID: CVE-2012-1963
BugTraq ID: 54582
http://www.securityfocus.com/bid/54582
http://osvdb.org/84005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17056
Common Vulnerability Exposure (CVE) ID: CVE-2012-1967
BugTraq ID: 54573
http://www.securityfocus.com/bid/54573
http://osvdb.org/84013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17025
CopyrightCopyright (C) 2012 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.