|
|
Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:052: mozilla-thunderbird Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the mozilla-thunderbird package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:052 (mozilla-thunderbird).
The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier allows
user-complicit attackers to bypass javascript security settings and obtain
sensitive information or cause a crash via an e-mail containing a javascript
URI in the SRC attribute of an IFRAME tag, which is executed when the user
edits the e-mail. Updated packages have been patched to address this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:052
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
