Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN157-1 : mozilla-thunderbird vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
mozilla-thunderbird vulnerabilities

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- mozilla-enigmail
- mozilla-thunderbird
- mozilla-thunderbird-dev
- mozilla-thunderbird-enigmail
- mozilla-thunderbird-inspector
- mozilla-thunderbird-offline
- mozilla-thunderbird-typeaheadfind


Description :

Vladimir V. Perepelitsa discovered a bug in Thunderbird's handling of anonymous
functions during regular expression string replacement. A malicious HTML email
could exploit this to capture a random block of client memory. (CVE-2005-0989)

Georgi Guninski discovered that the types of certain XPInstall related
JavaScript objects were not sufficiently validated when they were called. This
could be exploited by malicious HTML email content to crash Thunderbird or even
execute arbitrary code with the rights of the user. (CVE-2005-1159)

Thunderbird did not properly verify the values of XML DOM nodes. By tricking
the user to perform a common action like clicking on a link or opening the
context menu, a malicious HTML email could exploit this to execute arbitrary
JavaScript code with the full rights of the user. (CVE-2005-1160)

A variant of the attack described in CVE-2005-1160 (see USN-124-1) was
discovered. Additional checks were added to make sure Javascript eval and
script objects are run with the p
[...]

Solution :

Upgrade to :
- mozilla-enigmail-0.92-1ubuntu05.04.1 (Ubuntu 5.04)
- mozilla-thunderbird-1.0.6-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-thunderbird-dev-1.0.6-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-thunderbird-enigmail-0.92-1ubuntu05.04.1 (Ubuntu 5.04)
- mozilla-thunderbird-inspector-1.0.6-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-thunderbird-offline-1.0.6-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-thunderbird-typeaheadfind-1.0.6-0ubuntu05.04 (Ubuntu 5.04)



Threat Level: High


Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

 Vulnerability Scanning Solutions, LLC.