English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.880686
Category:CentOS Local Security Checks
Title:CentOS Update for thunderbird CESA-2009:0002 centos5 i386
Summary:The remote host is missing an update for the 'thunderbird'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'thunderbird'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511,
CVE-2008-5512, CVE-2008-5513)

Several flaws were found in the way malformed content was processed. An
HTML mail message containing specially-crafted content could potentially
trick a Thunderbird user into surrendering sensitive information.
(CVE-2008-5503, CVE-2008-5506, CVE-2008-5507)

Note: JavaScript support is disabled by default in Thunderbird. The above
issues are not exploitable unless JavaScript is enabled.

A flaw was found in the way malformed URLs were processed by
Thunderbird. This flaw could prevent various URL sanitization mechanisms
from properly parsing a malicious URL. (CVE-2008-5508)

All Thunderbird users should upgrade to these updated packages, which
resolve these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

Affected Software/OS:
thunderbird on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-5500
1021417
http://www.securitytracker.com/id?1021417
256408
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
258748
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1
32882
http://www.securityfocus.com/bid/32882
33184
http://secunia.com/advisories/33184
33188
http://secunia.com/advisories/33188
33189
http://secunia.com/advisories/33189
33203
http://secunia.com/advisories/33203
33204
http://secunia.com/advisories/33204
33205
http://secunia.com/advisories/33205
33216
http://secunia.com/advisories/33216
33231
http://secunia.com/advisories/33231
33232
http://secunia.com/advisories/33232
33408
http://secunia.com/advisories/33408
33415
http://secunia.com/advisories/33415
33421
http://secunia.com/advisories/33421
33433
http://secunia.com/advisories/33433
33434
http://secunia.com/advisories/33434
33523
http://secunia.com/advisories/33523
33547
http://secunia.com/advisories/33547
34501
http://secunia.com/advisories/34501
35080
http://secunia.com/advisories/35080
ADV-2009-0977
http://www.vupen.com/english/advisories/2009/0977
DSA-1696
http://www.debian.org/security/2009/dsa-1696
DSA-1697
http://www.debian.org/security/2009/dsa-1697
DSA-1704
http://www.debian.org/security/2009/dsa-1704
DSA-1707
http://www.debian.org/security/2009/dsa-1707
MDVSA-2008:244
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244
MDVSA-2008:245
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
MDVSA-2009:012
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012
RHSA-2008:1036
http://www.redhat.com/support/errata/RHSA-2008-1036.html
RHSA-2008:1037
http://www.redhat.com/support/errata/RHSA-2008-1037.html
RHSA-2009:0002
http://www.redhat.com/support/errata/RHSA-2009-0002.html
USN-690-1
https://usn.ubuntu.com/690-1/
USN-690-2
http://www.ubuntu.com/usn/usn-690-2
USN-690-3
https://usn.ubuntu.com/690-3/
USN-701-1
http://www.ubuntu.com/usn/usn-701-1
USN-701-2
http://www.ubuntu.com/usn/usn-701-2
http://www.mozilla.org/security/announce/2008/mfsa2008-60.html
https://bugzilla.mozilla.org/show_bug.cgi?id=460803
https://bugzilla.mozilla.org/show_bug.cgi?id=464998
mozilla-layout-code-execution-var3(47406)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47406
oval:org.mitre.oval:def:11053
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11053
Common Vulnerability Exposure (CVE) ID: CVE-2008-5501
https://bugzilla.mozilla.org/show_bug.cgi?id=395623
mozilla-layout-code-execution-var4(47407)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47407
oval:org.mitre.oval:def:10257
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10257
Common Vulnerability Exposure (CVE) ID: CVE-2008-5502
firefox-js-deflatestring-code-execution(47408)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47408
https://bugzilla.mozilla.org/show_bug.cgi?id=458679
oval:org.mitre.oval:def:10001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10001
Common Vulnerability Exposure (CVE) ID: CVE-2008-5503
1021424
http://www.securitytracker.com/id?1021424
http://www.mozilla.org/security/announce/2008/mfsa2008-61.html
https://bugzilla.mozilla.org/show_bug.cgi?id=379959
mozilla-xbl-information-disclosure(47409)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47409
oval:org.mitre.oval:def:11423
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11423
Common Vulnerability Exposure (CVE) ID: CVE-2008-5506
1021427
http://www.securitytracker.com/id?1021427
http://www.mozilla.org/security/announce/2008/mfsa2008-64.html
https://bugzilla.mozilla.org/show_bug.cgi?id=458248
mozilla-xmlhttprequest-302-info-disclosure(47412)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47412
oval:org.mitre.oval:def:10512
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10512
Common Vulnerability Exposure (CVE) ID: CVE-2008-5507
1021423
http://www.securitytracker.com/id?1021423
20081218 Firefox cross-domain text theft (CESA-2008-011)
http://www.securityfocus.com/archive/1/499353/100/0/threaded
http://scary.beasts.org/security/CESA-2008-011.html
http://www.mozilla.org/security/announce/2008/mfsa2008-65.html
https://bugzilla.mozilla.org/show_bug.cgi?id=461735
mozilla-javascripturl-infor-disclosure(47413)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47413
oval:org.mitre.oval:def:9376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9376
Common Vulnerability Exposure (CVE) ID: CVE-2008-5508
1021426
http://www.securitytracker.com/id?1021426
http://www.mozilla.org/security/announce/2008/mfsa2008-66.html
https://bugzilla.mozilla.org/show_bug.cgi?id=425046
mozilla-urlparsing-weak-security(47414)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47414
oval:org.mitre.oval:def:11040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11040
Common Vulnerability Exposure (CVE) ID: CVE-2008-5511
1021418
http://www.securitytracker.com/id?1021418
http://www.mozilla.org/security/announce/2008/mfsa2008-68.html
https://bugzilla.mozilla.org/show_bug.cgi?id=451680
https://bugzilla.mozilla.org/show_bug.cgi?id=464174
mozilla-xbl-security-bypass(47417)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47417
oval:org.mitre.oval:def:11881
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11881
Common Vulnerability Exposure (CVE) ID: CVE-2008-5512
mozilla-xpcnativewrappers-code-execution(47416)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47416
oval:org.mitre.oval:def:9814
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9814
Common Vulnerability Exposure (CVE) ID: CVE-2008-5513
1021421
http://www.securitytracker.com/id?1021421
firefox-sessionrestore-security-bypass(47418)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47418
http://www.mozilla.org/security/announce/2008/mfsa2008-69.html
oval:org.mitre.oval:def:10389
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10389
CopyrightCopyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.