Test ID:	1.3.6.1.4.1.25623.1.0.841519
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1925-1)
Summary:	The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-1925-1 advisory.
Description:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-1925-1 advisory. Vulnerability Insight: Jeff Gilbert and Henrik Skupin discovered multiple memory safety issues in Thunderbird. If the user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1701) It was discovered that a document's URI could be set to the URI of a different document. If a user had scripting enabled, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1709) A flaw was discovered when generating a CRMF request in certain circumstances. If a user had scripting enabled, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1710) Cody Crews discovered that some Javascript components performed security checks against the wrong URI, potentially bypassing same-origin policy restrictions. If a user had scripting enabled, an attacker could exploit this to conduct cross-site scripting (XSS) attacks or install addons from a malicious site. (CVE-2013-1713) Federico Lanusse discovered that web workers could bypass cross-origin checks when using XMLHttpRequest. If a user had scripting enabled, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1714) Georgi Guninski and John Schoenick discovered that Java applets could access local files under certain circumstances. If a user had scripting enabled, an attacker could potentially exploit this to steal confidential data. (CVE-2013-1717) Affected Software/OS: 'thunderbird' package(s) on Ubuntu 12.04, Ubuntu 12.10, Ubuntu 13.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1701 BugTraq ID: 61874 http://www.securityfocus.com/bid/61874 Debian Security Information: DSA-2735 (Google Search) http://www.debian.org/security/2013/dsa-2735 Debian Security Information: DSA-2746 (Google Search) http://www.debian.org/security/2013/dsa-2746 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18514 Common Vulnerability Exposure (CVE) ID: CVE-2013-1709 BugTraq ID: 61867 http://www.securityfocus.com/bid/61867 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18531 Common Vulnerability Exposure (CVE) ID: CVE-2013-1710 BugTraq ID: 61900 http://www.securityfocus.com/bid/61900 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18773 Common Vulnerability Exposure (CVE) ID: CVE-2013-1713 BugTraq ID: 61876 http://www.securityfocus.com/bid/61876 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18884 Common Vulnerability Exposure (CVE) ID: CVE-2013-1714 BugTraq ID: 61882 http://www.securityfocus.com/bid/61882 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18002 Common Vulnerability Exposure (CVE) ID: CVE-2013-1717 BugTraq ID: 61896 http://www.securityfocus.com/bid/61896 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18367
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.