Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871037
Category:Red Hat Local Security Checks
Title:RedHat Update for thunderbird RHSA-2013:1269-01
Summary:The remote host is missing an update for the 'thunderbird'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'thunderbird'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2013-1718,
CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735,
CVE-2013-1736)

A flaw was found in the way Thunderbird handled certain DOM JavaScript
objects. An attacker could use this flaw to make JavaScript client or
add-on code make incorrect, security sensitive decisions. (CVE-2013-1737)

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Andre Bargull, Scoobidiver, Bobby Holley,
Reuben Morais, Abhishek Arya, Ms2ger, Sachin Shinde, Aki Helin, Nils, and
Boris Zbarsky as the original reporters of these issues.

Note: All of the above issues cannot be exploited by a specially-crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 17.0.9 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

Affected Software/OS:
thunderbird on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-1718
BugTraq ID: 62463
http://www.securityfocus.com/bid/62463
Debian Security Information: DSA-2762 (Google Search)
http://www.debian.org/security/2013/dsa-2762
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18939
RedHat Security Advisories: RHSA-2013:1268
http://rhn.redhat.com/errata/RHSA-2013-1268.html
RedHat Security Advisories: RHSA-2013:1269
http://rhn.redhat.com/errata/RHSA-2013-1269.html
SuSE Security Announcement: openSUSE-SU-2013:1491 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html
SuSE Security Announcement: openSUSE-SU-2013:1493 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html
SuSE Security Announcement: openSUSE-SU-2013:1495 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html
SuSE Security Announcement: openSUSE-SU-2013:1496 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00060.html
SuSE Security Announcement: openSUSE-SU-2013:1499 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html
SuSE Security Announcement: openSUSE-SU-2013:1633 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html
http://www.ubuntu.com/usn/USN-1951-1
http://www.ubuntu.com/usn/USN-1952-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1722
BugTraq ID: 62460
http://www.securityfocus.com/bid/62460
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19031
Common Vulnerability Exposure (CVE) ID: CVE-2013-1725
BugTraq ID: 62467
http://www.securityfocus.com/bid/62467
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19025
Common Vulnerability Exposure (CVE) ID: CVE-2013-1730
BugTraq ID: 62473
http://www.securityfocus.com/bid/62473
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19022
Common Vulnerability Exposure (CVE) ID: CVE-2013-1732
BugTraq ID: 62469
http://www.securityfocus.com/bid/62469
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18520
Common Vulnerability Exposure (CVE) ID: CVE-2013-1735
BugTraq ID: 62479
http://www.securityfocus.com/bid/62479
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18443
Common Vulnerability Exposure (CVE) ID: CVE-2013-1736
BugTraq ID: 62478
http://www.securityfocus.com/bid/62478
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18856
Common Vulnerability Exposure (CVE) ID: CVE-2013-1737
BugTraq ID: 62475
http://www.securityfocus.com/bid/62475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18789
CopyrightCopyright (c) 2013 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.