Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.870817
Category:Red Hat Local Security Checks
Title:RedHat Update for thunderbird RHSA-2012:1211-01
Summary:The remote host is missing an update for the 'thunderbird'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'thunderbird'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2012-1970,
CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976,
CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960,
CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)

Content containing a malicious Scalable Vector Graphics (SVG) image file
could cause Thunderbird to crash or, potentially, execute arbitrary code
with the privileges of the user running Thunderbird. (CVE-2012-3969,
CVE-2012-3970)

Two flaws were found in the way Thunderbird rendered certain images using
WebGL. Malicious content could cause Thunderbird to crash or, under certain
conditions, possibly execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2012-3967, CVE-2012-3968)

A flaw was found in the way Thunderbird decoded embedded bitmap images in
Icon Format (ICO) files. Content containing a malicious ICO file could
cause Thunderbird to crash or, under certain conditions, possibly execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2012-3966)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Christian Holler, Jesse Ruderman, John
Schoenick, Vladimir Vukicevic, Daniel Holbert, Abhishek Arya, Frederic
Hoguin, miaubiz, Arthur Gerkis, Nicolas Gregoire, moz_bug_r_a4, and Colby
Russell as the original reporters of these issues.

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
thunderbird on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-1970
BugTraq ID: 55266
http://www.securityfocus.com/bid/55266
Debian Security Information: DSA-2553 (Google Search)
http://www.debian.org/security/2012/dsa-2553
Debian Security Information: DSA-2554 (Google Search)
http://www.debian.org/security/2012/dsa-2554
Debian Security Information: DSA-2556 (Google Search)
http://www.debian.org/security/2012/dsa-2556
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16910
RedHat Security Advisories: RHSA-2012:1210
http://rhn.redhat.com/errata/RHSA-2012-1210.html
RedHat Security Advisories: RHSA-2012:1211
http://rhn.redhat.com/errata/RHSA-2012-1211.html
SuSE Security Announcement: SUSE-SU-2012:1157 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html
SuSE Security Announcement: SUSE-SU-2012:1167 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html
SuSE Security Announcement: openSUSE-SU-2012:1065 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html
http://www.ubuntu.com/usn/USN-1548-1
http://www.ubuntu.com/usn/USN-1548-2
Common Vulnerability Exposure (CVE) ID: CVE-2012-1972
BugTraq ID: 55314
http://www.securityfocus.com/bid/55314
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17017
Common Vulnerability Exposure (CVE) ID: CVE-2012-1973
BugTraq ID: 55316
http://www.securityfocus.com/bid/55316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17045
Common Vulnerability Exposure (CVE) ID: CVE-2012-1974
BugTraq ID: 55317
http://www.securityfocus.com/bid/55317
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17015
Common Vulnerability Exposure (CVE) ID: CVE-2012-1975
BugTraq ID: 55318
http://www.securityfocus.com/bid/55318
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17040
Common Vulnerability Exposure (CVE) ID: CVE-2012-1976
BugTraq ID: 55319
http://www.securityfocus.com/bid/55319
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16818
Common Vulnerability Exposure (CVE) ID: CVE-2012-3956
BugTraq ID: 55320
http://www.securityfocus.com/bid/55320
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16997
Common Vulnerability Exposure (CVE) ID: CVE-2012-3957
BugTraq ID: 55341
http://www.securityfocus.com/bid/55341
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16940
Common Vulnerability Exposure (CVE) ID: CVE-2012-3958
BugTraq ID: 55323
http://www.securityfocus.com/bid/55323
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16782
Common Vulnerability Exposure (CVE) ID: CVE-2012-3959
BugTraq ID: 55324
http://www.securityfocus.com/bid/55324
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16805
Common Vulnerability Exposure (CVE) ID: CVE-2012-3960
BugTraq ID: 55325
http://www.securityfocus.com/bid/55325
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16853
Common Vulnerability Exposure (CVE) ID: CVE-2012-3961
BugTraq ID: 55321
http://www.securityfocus.com/bid/55321
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16514
Common Vulnerability Exposure (CVE) ID: CVE-2012-3962
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16494
Common Vulnerability Exposure (CVE) ID: CVE-2012-3963
BugTraq ID: 55340
http://www.securityfocus.com/bid/55340
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16437
Common Vulnerability Exposure (CVE) ID: CVE-2012-3964
BugTraq ID: 55322
http://www.securityfocus.com/bid/55322
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16857
Common Vulnerability Exposure (CVE) ID: CVE-2012-3966
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16246
Common Vulnerability Exposure (CVE) ID: CVE-2012-3967
BugTraq ID: 55277
http://www.securityfocus.com/bid/55277
Common Vulnerability Exposure (CVE) ID: CVE-2012-3968
BugTraq ID: 55276
http://www.securityfocus.com/bid/55276
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16280
Common Vulnerability Exposure (CVE) ID: CVE-2012-3969
BugTraq ID: 55292
http://www.securityfocus.com/bid/55292
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16635
Common Vulnerability Exposure (CVE) ID: CVE-2012-3970
BugTraq ID: 55278
http://www.securityfocus.com/bid/55278
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16876
Common Vulnerability Exposure (CVE) ID: CVE-2012-3972
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16234
Common Vulnerability Exposure (CVE) ID: CVE-2012-3978
BugTraq ID: 55306
http://www.securityfocus.com/bid/55306
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16923
Common Vulnerability Exposure (CVE) ID: CVE-2012-3980
BugTraq ID: 55257
http://www.securityfocus.com/bid/55257
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17000
CopyrightCopyright (c) 2012 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.