Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Debian Local Security Checks --> Category: infos

[DSA1051] DSA-1051-1 mozilla-thunderbird Vulnerability Scan


Vulnerability Scan Summary
DSA-1051-1 mozilla-thunderbird

Detailed Explanation for this Vulnerability Test

Several security related problems have been discovered in Mozilla
Thunderbird. The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:
The "run-mozilla.sh" script allows local users to create or
overwrite arbitrary files when debugging is enabled via a symlink
attack on temporary files.
Web pages with extremely long titles cause subsequent launches of
the browser to appear to "hang" for up to a few minutes, or even
crash if the computer has insufficient memory. [MFSA-2006-03]
The JavaScript interpreter does not properly dereference objects,
which allows remote attackers to cause a denial of service or
execute arbitrary code. [MFSA-2006-01]
The function allocation code allows attackers to cause a denial of
service and possibly execute arbitrary code. [MFSA-2006-01]
XULDocument.persist() did not validate the attribute name,
allowing a possible hacker to inject arbitrary XML and JavaScript code
into localstore.rdf that would be read and acted upon during
startup. [MFSA-2006-05]
An anonymous researcher for TippingPoint and the Zero Day
Initiative reported that an invalid and nonsensical ordering of
table-related tags can be exploited to execute arbitrary code.
[MFSA-2006-27]
A particular sequence of HTML tags can cause memory corruption
that can be exploited to execute arbitrary code. [MFSA-2006-18]
Georgi Guninski reports that forwarding mail in-line while using
the default HTML "rich mail" editor will execute JavaScript
embedded in the e-mail message with full rights of the client.
[MFSA-2006-21]
The HTML rendering engine does not properly block external images
from inline HTML attachments when "Block loading of remote images
in mail messages" is enabled, which could allow remote attackers
to obtain sensitive information. [MFSA-2006-26]
A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary code. [MFSA-2006-20]
A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary code. [MFSA-2006-20]
A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary code. [MFSA-2006-20]
A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary code. [MFSA-2006-20]
A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary code. [MFSA-2006-20]
Georgi Guninski reported two variants of using scripts in an XBL
control to gain chrome rights when the page is viewed under
"Print Preview". [MFSA-2006-25]
"shutdown" discovered that the crypto.generateCRMFRequest method
can be used to run arbitrary code with the privilege of the user
running the browser, which could enable a possible hacker to install
malware. [MFSA-2006-24]
Claus Jørgensen reported that a text input box can be pr
[...]

Solution : http://www.debian.org/security/2006/dsa-1051
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

 Vulnerability Scanning Solutions, LLC.