Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.71393
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2012:0715
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2012:0715.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2011-3101,
CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941,
CVE-2012-1946, CVE-2012-1947)

Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers
with graphics cards that have hardware acceleration enabled.

It was found that the Content Security Policy (CSP) implementation in
Thunderbird no longer blocked Thunderbird inline event handlers. Malicious
content could possibly bypass intended restrictions if that content relied
on CSP to protect against flaws such as cross-site scripting (XSS).
(CVE-2012-1944)

If a web server hosted content that is stored on a Microsoft Windows share,
or a Samba share, loading such content with Thunderbird could result in
Windows shortcut files (.lnk) in the same share also being loaded. An
attacker could use this flaw to view the contents of local files and
directories on the victim's system. This issue also affected users opening
content from Microsoft Windows shares, or Samba shares, that are mounted
on their systems. (CVE-2012-1945)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Ken Russell of Google as the original reporter of
CVE-2011-3101
Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman
as the original reporters of CVE-2012-1937
Jesse Ruderman, Igor Bukanov,
Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the
original reporters of CVE-2012-1938
Christian Holler as the original
reporter of CVE-2012-1939
security researcher Abhishek Arya of Google as
the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947

security researcher Arthur Gerkis as the original reporter of
CVE-2012-1946
security researcher Adam Barth as the original reporter of
CVE-2012-1944
and security researcher Paul Stone as the original reporter
of CVE-2012-1945.

Note: None of the issues in this advisory can be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.5 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2012-0715.html

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-3101
BugTraq ID: 53540
http://www.securityfocus.com/bid/53540
http://security.gentoo.org/glsa/glsa-201205-03.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
RedHat Security Advisories: RHSA-2012:0710
http://rhn.redhat.com/errata/RHSA-2012-0710.html
RedHat Security Advisories: RHSA-2012:0715
http://rhn.redhat.com/errata/RHSA-2012-0715.html
http://www.securitytracker.com/id?1027067
SuSE Security Announcement: SUSE-SU-2012:0746 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
SuSE Security Announcement: openSUSE-SU-2012:0656 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html
SuSE Security Announcement: openSUSE-SU-2012:0760 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html
XForce ISS Database: chrome-nvidia-code-exec(75606)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75606
Common Vulnerability Exposure (CVE) ID: CVE-2012-1937
Debian Security Information: DSA-2488 (Google Search)
http://www.debian.org/security/2012/dsa-2488
Debian Security Information: DSA-2489 (Google Search)
http://www.debian.org/security/2012/dsa-2489
Debian Security Information: DSA-2499 (Google Search)
http://www.debian.org/security/2012/dsa-2499
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17055
Common Vulnerability Exposure (CVE) ID: CVE-2012-1938
BugTraq ID: 53796
http://www.securityfocus.com/bid/53796
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17058
Common Vulnerability Exposure (CVE) ID: CVE-2012-1939
Common Vulnerability Exposure (CVE) ID: CVE-2012-1940
BugTraq ID: 53794
http://www.securityfocus.com/bid/53794
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17054
Common Vulnerability Exposure (CVE) ID: CVE-2012-1941
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16985
Common Vulnerability Exposure (CVE) ID: CVE-2012-1944
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17005
http://secunia.com/advisories/49981
Common Vulnerability Exposure (CVE) ID: CVE-2012-1945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16743
Common Vulnerability Exposure (CVE) ID: CVE-2012-1946
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17010
Common Vulnerability Exposure (CVE) ID: CVE-2012-1947
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16911
Common Vulnerability Exposure (CVE) ID: CVE-2012-3105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16912
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.