
Test ID: 1.3.6.1.4.1.25623.1.0.57358
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1159-2 (mozilla-thunderbird)
Summary: NOSUMMARY
Description:
The remote host is missing an update to mozilla-thunderbird
announced via advisory DSA 1159-2.

The latest security updates of Mozilla Thunderbird introduced a
regression that led to a dysfunctional attachment panel, which warrants
a correction to fix this issue. For reference, please find below the
original advisory text:

Several security related problems have been discovered in Mozilla and
derived products such as Mozilla Thunderbird. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:

CVE-2006-2779

Mozilla team members discovered several crashes during testing of
the browser engine showing evidence of memory corruption which may
also lead to the execution of arbitrary code. The last bit of
this problem will be corrected with the next update. You can
prevent any trouble by disabling Javascript. [MFSA-2006-32]

CVE-2006-3805

The Javascript engine might allow remote attackers to execute
arbitrary code. [MFSA-2006-50]

CVE-2006-3806

Multiple integer overflows in the Javascript engine might allow
remote attackers to execute arbitrary code. [MFSA-2006-50]

CVE-2006-3807

Specially crafted Javascript allows remote attackers to execute
arbitrary code. [MFSA-2006-51]

CVE-2006-3808

Remote AutoConfig (PAC) servers could execute code with elevated
privileges via a specially crafted PAC script. [MFSA-2006-52]

CVE-2006-3809

Scripts with the UniversalBrowserRead privilege could gain
UniversalXPConnect privileges and possibly execute code or obtain
sensitive data. [MFSA-2006-53]

CVE-2006-3810

A cross-site scripting vulnerability allows remote attackers to
inject arbitrary web script or HTML. [MFSA-2006-54]

For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-2.sarge1.0.8b.2.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.0.5-1.

We recommend that you upgrade your mozilla-thunderbird package.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201159-2

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
BugTraq ID: 18228
BugTraq ID: 19181
Common Vulnerability Exposure (CVE) ID: CVE-2006-2779
http://www.securityfocus.com/bid/18228
Bugtraq: 20060602 rPSA-2006-0091-1 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/435795/100/0/threaded
Cert/CC Advisory: TA06-153A
http://www.us-cert.gov/cas/techalerts/TA06-153A.html
CERT/CC vulnerability note: VU#466673
http://www.kb.cert.org/vuls/id/466673
Debian Security Information: DSA-1118 (Google Search)
http://www.debian.org/security/2006/dsa-1118
Debian Security Information: DSA-1120 (Google Search)
http://www.debian.org/security/2006/dsa-1120
Debian Security Information: DSA-1134 (Google Search)
http://www.debian.org/security/2006/dsa-1134
Debian Security Information: DSA-1159 (Google Search)
http://www.debian.org/security/2006/dsa-1159
Debian Security Information: DSA-1160 (Google Search)
http://www.debian.org/security/2006/dsa-1160
http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml
HPdes Security Advisory: HPSBUX02153
http://www.securityfocus.com/archive/1/446658/100/200/threaded
HPdes Security Advisory: HPSBUX02156
http://www.securityfocus.com/archive/1/446657/100/200/threaded
HPdes Security Advisory: SSRT061181
HPdes Security Advisory: SSRT061236
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9762
http://www.redhat.com/support/errata/RHSA-2006-0578.html
http://www.redhat.com/support/errata/RHSA-2006-0594.html
RedHat Security Advisories: RHSA-2006:0609
http://rhn.redhat.com/errata/RHSA-2006-0609.html
http://www.redhat.com/support/errata/RHSA-2006-0610.html
http://www.redhat.com/support/errata/RHSA-2006-0611.html
http://securitytracker.com/id?1016202
http://securitytracker.com/id?1016214
http://secunia.com/advisories/20376
http://secunia.com/advisories/20382
http://secunia.com/advisories/20561
http://secunia.com/advisories/20709
http://secunia.com/advisories/21134
http://secunia.com/advisories/21176
http://secunia.com/advisories/21178
http://secunia.com/advisories/21183
http://secunia.com/advisories/21188
http://secunia.com/advisories/21210
http://secunia.com/advisories/21269
http://secunia.com/advisories/21270
http://secunia.com/advisories/21324
http://secunia.com/advisories/21336
http://secunia.com/advisories/21532
http://secunia.com/advisories/21607
http://secunia.com/advisories/21631
http://secunia.com/advisories/21634
http://secunia.com/advisories/21654
http://secunia.com/advisories/22065
http://secunia.com/advisories/22066
http://secunia.com/advisories/27216
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102943-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200387-1
SuSE Security Announcement: SUSE-SA:2006:035 (Google Search)
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
https://usn.ubuntu.com/296-1/
https://usn.ubuntu.com/296-2/
https://usn.ubuntu.com/297-1/
https://usn.ubuntu.com/297-3/
https://usn.ubuntu.com/323-1/
http://www.vupen.com/english/advisories/2006/2106
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3749
http://www.vupen.com/english/advisories/2007/3488
http://www.vupen.com/english/advisories/2008/0083
XForce ISS Database: mozilla-browserengine-memory-corruption(26843)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26843
Common Vulnerability Exposure (CVE) ID: CVE-2006-3805
http://www.securityfocus.com/bid/19181
Bugtraq: 20060727 rPSA-2006-0137-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/441333/100/0/threaded
Cert/CC Advisory: TA06-208A
http://www.us-cert.gov/cas/techalerts/TA06-208A.html
CERT/CC vulnerability note: VU#876420
http://www.kb.cert.org/vuls/id/876420
Debian Security Information: DSA-1161 (Google Search)
http://www.debian.org/security/2006/dsa-1161
http://security.gentoo.org/glsa/glsa-200608-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
http://security.gentoo.org/glsa/glsa-200608-04.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10690
http://www.redhat.com/support/errata/RHSA-2006-0608.html
http://securitytracker.com/id?1016586
http://securitytracker.com/id?1016587
http://securitytracker.com/id?1016588
http://secunia.com/advisories/19873
http://secunia.com/advisories/21216
http://secunia.com/advisories/21228
http://secunia.com/advisories/21229
http://secunia.com/advisories/21243
http://secunia.com/advisories/21246
http://secunia.com/advisories/21250
http://secunia.com/advisories/21262
http://secunia.com/advisories/21275
http://secunia.com/advisories/21343
http://secunia.com/advisories/21358
http://secunia.com/advisories/21361
http://secunia.com/advisories/21529
http://secunia.com/advisories/21675
http://secunia.com/advisories/22055
http://secunia.com/advisories/22210
http://secunia.com/advisories/22342
SGI Security Advisory: 20060703-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
SuSE Security Announcement: SUSE-SA:2006:048 (Google Search)
http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
https://usn.ubuntu.com/327-1/
https://usn.ubuntu.com/329-1/
http://www.ubuntu.com/usn/usn-350-1
http://www.ubuntu.com/usn/usn-354-1
http://www.ubuntu.com/usn/usn-361-1
http://www.vupen.com/english/advisories/2006/2998
XForce ISS Database: mozilla-garbage-collection-object-deletion(27986)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27986
Common Vulnerability Exposure (CVE) ID: CVE-2006-3806
CERT/CC vulnerability note: VU#655892
http://www.kb.cert.org/vuls/id/655892
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11232
http://www.vupen.com/english/advisories/2007/0058
XForce ISS Database: mozilla-javascript-engine-overflow(27987)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27987
Common Vulnerability Exposure (CVE) ID: CVE-2006-3807
CERT/CC vulnerability note: VU#687396
http://www.kb.cert.org/vuls/id/687396
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10374
XForce ISS Database: mozilla-js-constructor-code-execution(27988)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27988
Common Vulnerability Exposure (CVE) ID: CVE-2006-3808
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10845
XForce ISS Database: mozilla-pac-code-execution(27989)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27989
Common Vulnerability Exposure (CVE) ID: CVE-2006-3809
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9753
XForce ISS Database: mozilla-universalbrowserread-escalation(27990)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27990
Common Vulnerability Exposure (CVE) ID: CVE-2006-3810
CERT/CC vulnerability note: VU#911004
http://www.kb.cert.org/vuls/id/911004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10113
XForce ISS Database: mozilla-xpcnativewrapper-xss(27991)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27991
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

© 1998-2024 E-Soft Inc. All rights reserved.