Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57691
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1227-1 (mozilla-thunderbird)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to mozilla-thunderbird
announced via advisory DSA 1227-1.

Several security related problems have been discovered in Mozilla and
derived products such as Mozilla Thunderbird. The Common Vulnerabilities
and Exposures project identifies the following vulnerabilities:

CVE-2006-4310

Tomas Kempinsky discovered that malformed FTP server responses
could lead to denial of service.

CVE-2006-5462

Ulrich Kühn discovered that the correction for a cryptographic
flaw in the handling of PKCS-1 certificates was incomplete, which
allows the forgery of certificates.

CVE-2006-5463

shutdown discovered that modification of JavaScript objects
during execution could lead to the execution of arbitrary
JavaScript bytecode.

CVE-2006-5464

Jesse Ruderman and Martijn Wargers discovered several crashes in
the layout engine, which might also allow execution of arbitrary
code.

CVE-2006-5748

Igor Bukanov and Jesse Ruderman discovered several crashes in the
JavaScript engine, which might allow execution of arbitrary code.

This update also adresses several crashes, which could be triggered by
malicious websites and fixes a regression introduced in the previous
Mozilla update.


For the stable distribution (sarge) these problems have been fixed in
version 1.0.4-2sarge13.

For the unstable distribution (sid) these problems have been fixed in
the current icedove package 1.5.0.8.

We recommend that you upgrade your mozilla-thunderbird package.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201227-1

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 19678
BugTraq ID: 20957
Common Vulnerability Exposure (CVE) ID: CVE-2006-4310
http://www.securityfocus.com/bid/19678
Bugtraq: 20060822 (exploit) firefox 1.5.0.6 linux DoS (Google Search)
http://www.securityfocus.com/archive/1/444064/100/0/threaded
Debian Security Information: DSA-1224 (Google Search)
http://www.debian.org/security/2006/dsa-1224
Debian Security Information: DSA-1225 (Google Search)
http://www.debian.org/security/2006/dsa-1225
Debian Security Information: DSA-1227 (Google Search)
http://www.debian.org/security/2006/dsa-1227
http://secunia.com/advisories/23197
http://secunia.com/advisories/23202
http://secunia.com/advisories/23235
http://securityreason.com/securityalert/1444
Common Vulnerability Exposure (CVE) ID: CVE-2006-5462
Cert/CC Advisory: TA06-312A
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
CERT/CC vulnerability note: VU#335392
http://www.kb.cert.org/vuls/id/335392
http://security.gentoo.org/glsa/glsa-200612-06.xml
http://security.gentoo.org/glsa/glsa-200612-07.xml
http://security.gentoo.org/glsa/glsa-200612-08.xml
HPdes Security Advisory: HPSBUX02153
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
https://bugzilla.mozilla.org/show_bug.cgi?id=356215
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478
RedHat Security Advisories: RHSA-2006:0733
http://rhn.redhat.com/errata/RHSA-2006-0733.html
RedHat Security Advisories: RHSA-2006:0734
http://rhn.redhat.com/errata/RHSA-2006-0734.html
RedHat Security Advisories: RHSA-2006:0735
http://rhn.redhat.com/errata/RHSA-2006-0735.html
http://securitytracker.com/id?1017180
http://securitytracker.com/id?1017181
http://securitytracker.com/id?1017182
http://secunia.com/advisories/22066
http://secunia.com/advisories/22722
http://secunia.com/advisories/22727
http://secunia.com/advisories/22737
http://secunia.com/advisories/22763
http://secunia.com/advisories/22770
http://secunia.com/advisories/22815
http://secunia.com/advisories/22817
http://secunia.com/advisories/22929
http://secunia.com/advisories/22965
http://secunia.com/advisories/22980
http://secunia.com/advisories/23009
http://secunia.com/advisories/23013
http://secunia.com/advisories/23263
http://secunia.com/advisories/23287
http://secunia.com/advisories/23297
http://secunia.com/advisories/23883
http://secunia.com/advisories/24711
SGI Security Advisory: 20061101-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
SuSE Security Announcement: SUSE-SA:2006:068 (Google Search)
http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
http://www.ubuntu.com/usn/usn-381-1
http://www.ubuntu.com/usn/usn-382-1
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/4387
http://www.vupen.com/english/advisories/2007/0293
http://www.vupen.com/english/advisories/2007/1198
http://www.vupen.com/english/advisories/2008/0083
XForce ISS Database: mozilla-nss-security-bypass(30098)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
Common Vulnerability Exposure (CVE) ID: CVE-2006-5463
http://www.securityfocus.com/bid/20957
Bugtraq: 20061109 rPSA-2006-0206-1 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/451099/100/0/threaded
CERT/CC vulnerability note: VU#714496
http://www.kb.cert.org/vuls/id/714496
https://bugzilla.mozilla.org/show_bug.cgi?id=355655
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10357
http://securitytracker.com/id?1017184
http://securitytracker.com/id?1017185
http://securitytracker.com/id?1017186
http://secunia.com/advisories/22774
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103011-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200185-1
http://www.vupen.com/english/advisories/2007/2663
XForce ISS Database: mozilla-script-code-execution(30116)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30116
Common Vulnerability Exposure (CVE) ID: CVE-2006-5464
CERT/CC vulnerability note: VU#495288
http://www.kb.cert.org/vuls/id/495288
https://bugzilla.mozilla.org/show_bug.cgi?id=307809
https://bugzilla.mozilla.org/show_bug.cgi?id=310267
https://bugzilla.mozilla.org/show_bug.cgi?id=350370
https://bugzilla.mozilla.org/show_bug.cgi?id=351328
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9304
http://securitytracker.com/id?1017177
http://securitytracker.com/id?1017178
http://securitytracker.com/id?1017179
http://secunia.com/advisories/27328
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103121-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200587-1
http://www.vupen.com/english/advisories/2007/3588
XForce ISS Database: mozilla-layout-dos(30092)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30092
Common Vulnerability Exposure (CVE) ID: CVE-2006-5748
CERT/CC vulnerability note: VU#390480
http://www.kb.cert.org/vuls/id/390480
https://bugzilla.mozilla.org/show_bug.cgi?id=349527
https://bugzilla.mozilla.org/show_bug.cgi?id=350238
https://bugzilla.mozilla.org/show_bug.cgi?id=351116
https://bugzilla.mozilla.org/show_bug.cgi?id=351973
https://bugzilla.mozilla.org/show_bug.cgi?id=352271
https://bugzilla.mozilla.org/show_bug.cgi?id=352606
https://bugzilla.mozilla.org/show_bug.cgi?id=353165
https://bugzilla.mozilla.org/show_bug.cgi?id=354145
https://bugzilla.mozilla.org/show_bug.cgi?id=354151
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11408
http://secunia.com/advisories/27603
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103139-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201335-1
http://www.vupen.com/english/advisories/2007/3821
XForce ISS Database: mozilla-javascript-engine-code-execution(30096)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30096
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.