Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.870697
Category:Red Hat Local Security Checks
Title:RedHat Update for thunderbird RHSA-2011:0886-01
Summary:The remote host is missing an update for the 'thunderbird'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'thunderbird'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled malformed JPEG images. An
HTML mail message containing a malicious JPEG image could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2011-2377)

Multiple dangling pointer flaws were found in Thunderbird. Malicious HTML
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2011-0083,
CVE-2011-0085, CVE-2011-2363)

Several flaws were found in the processing of malformed HTML content.
Malicious HTML content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376)

It was found that Thunderbird could treat two separate cookies (for web
content) as interchangeable if both were for the same domain name but one
of those domain names had a trailing '.' character. This violates the
same-origin policy and could possibly lead to data being leaked to the
wrong domain. (CVE-2011-2362)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

Affected Software/OS:
thunderbird on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-0083
Debian Security Information: DSA-2268 (Google Search)
http://www.debian.org/security/2011/dsa-2268
Debian Security Information: DSA-2269 (Google Search)
http://www.debian.org/security/2011/dsa-2269
Debian Security Information: DSA-2273 (Google Search)
http://www.debian.org/security/2011/dsa-2273
http://www.mandriva.com/security/advisories?name=MDVSA-2011:111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13543
http://www.redhat.com/support/errata/RHSA-2011-0885.html
http://www.redhat.com/support/errata/RHSA-2011-0886.html
http://www.redhat.com/support/errata/RHSA-2011-0887.html
http://www.redhat.com/support/errata/RHSA-2011-0888.html
http://secunia.com/advisories/45002
SuSE Security Announcement: SUSE-SA:2011:028 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html
http://www.ubuntu.com/usn/USN-1149-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-0085
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14432
Common Vulnerability Exposure (CVE) ID: CVE-2011-2362
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13693
Common Vulnerability Exposure (CVE) ID: CVE-2011-2363
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14046
Common Vulnerability Exposure (CVE) ID: CVE-2011-2364
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13318
Common Vulnerability Exposure (CVE) ID: CVE-2011-2365
BugTraq ID: 48368
http://www.securityfocus.com/bid/48368
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14184
Common Vulnerability Exposure (CVE) ID: CVE-2011-2374
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14123
XForce ISS Database: thunderbird-memory-ce(68128)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68128
Common Vulnerability Exposure (CVE) ID: CVE-2011-2375
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14071
Common Vulnerability Exposure (CVE) ID: CVE-2011-2376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14396
Common Vulnerability Exposure (CVE) ID: CVE-2011-2377
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13872
CopyrightCopyright (c) 2012 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.