Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.870676
Category:Red Hat Local Security Checks
Title:RedHat Update for thunderbird RHSA-2011:1166-01
Summary:The remote host is missing an update for the 'thunderbird'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'thunderbird'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content.
Malicious HTML content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-2982)

A dangling pointer flaw was found in the Thunderbird Scalable Vector
Graphics (SVG) text manipulation routine. An HTML mail message containing a
malicious SVG image could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-0084)

A dangling pointer flaw was found in the way Thunderbird handled a certain
Document Object Model (DOM) element. An HTML mail message containing
malicious content could cause Thunderbird to crash or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-2378)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

Affected Software/OS:
thunderbird on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-0084
Debian Security Information: DSA-2295 (Google Search)
http://www.debian.org/security/2011/dsa-2295
Debian Security Information: DSA-2296 (Google Search)
http://www.debian.org/security/2011/dsa-2296
Debian Security Information: DSA-2297 (Google Search)
http://www.debian.org/security/2011/dsa-2297
http://www.mandriva.com/security/advisories?name=MDVSA-2011:127
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14502
http://www.redhat.com/support/errata/RHSA-2011-1164.html
http://www.redhat.com/support/errata/RHSA-2011-1166.html
SuSE Security Announcement: SUSE-SA:2011:037 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html
SuSE Security Announcement: SUSE-SU-2011:0967 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2378
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14163
Common Vulnerability Exposure (CVE) ID: CVE-2011-2982
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14294
http://www.redhat.com/support/errata/RHSA-2011-1165.html
http://www.redhat.com/support/errata/RHSA-2011-1167.html
http://www.securitytracker.com/id?1025940
CopyrightCopyright (c) 2012 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.