|
Family: Fedora Local Security Checks --> Category: infos
Fedora Core 5 2006-004: thunderbird Vulnerability Scan
Vulnerability Scan Summary Check for the version of the thunderbird package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory FEDORA-2006-004 (thunderbird).
Mozilla Thunderbird is a standalone mail and newsgroup client.
Update Information:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the way Thunderbird processes
certain malformed JavaScript code. A malicious web page
could cause the execution of JavaScript code in such a way
that could cause Thunderbird to crash or execute arbitrary
code as the user running Thunderbird. JavaScript support is
disabled by default in Thunderbird
this issue is not
exploitable without enabling JavaScript. (CVE-2006-6498,
CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)
Several flaws were found in the way Thunderbird renders web
pages. A malicious web page could cause the browser to crash
or possibly execute arbitrary code as the user running
Thunderbird. (CVE-2006-6497)
A heap based buffer overflow flaw was found in the way
Thunderbird parses the Content-Type mail header. A malicious
mail message could cause the Thunderbird client to crash or
possibly execute arbitrary code as the user running
Thunderbird. (CVE-2006-6505)
Users of Thunderbird are advised to apply this update, which
contains Thunderbird version 1.5.0.9 that corrects these issues.
Solution : Get the newest Fedora Updates
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|