ID de Prueba:	1.3.6.1.4.1.25623.1.0.63108
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:0002
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2009:0002. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially-crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-5503, CVE-2008-5506, CVE-2008-5507) Note: JavaScript support is disabled by default in Thunderbird the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way malformed URLs were processed by Thunderbird. This flaw could prevent various URL sanitization mechanisms from properly parsing a malicious URL. (CVE-2008-5508) All Thunderbird users should upgrade to these updated packages, which resolve these issues. All running instances of Thunderbird must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2009-0002.html http://www.redhat.com/security/updates/classification/#moderate CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5500 BugTraq ID: 32882 http://www.securityfocus.com/bid/32882 Debian Security Information: DSA-1696 (Google Search) http://www.debian.org/security/2009/dsa-1696 Debian Security Information: DSA-1697 (Google Search) http://www.debian.org/security/2009/dsa-1697 Debian Security Information: DSA-1704 (Google Search) http://www.debian.org/security/2009/dsa-1704 Debian Security Information: DSA-1707 (Google Search) http://www.debian.org/security/2009/dsa-1707 http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 http://www.mandriva.com/security/advisories?name=MDVSA-2009:012 https://bugzilla.mozilla.org/show_bug.cgi?id=460803 https://bugzilla.mozilla.org/show_bug.cgi?id=464998 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11053 http://www.redhat.com/support/errata/RHSA-2008-1036.html http://www.redhat.com/support/errata/RHSA-2008-1037.html http://www.redhat.com/support/errata/RHSA-2009-0002.html http://www.securitytracker.com/id?1021417 http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33232 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories/33421 http://secunia.com/advisories/33433 http://secunia.com/advisories/33434 http://secunia.com/advisories/33523 http://secunia.com/advisories/33547 http://secunia.com/advisories/34501 http://secunia.com/advisories/35080 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1 https://usn.ubuntu.com/690-1/ http://www.ubuntu.com/usn/usn-690-2 https://usn.ubuntu.com/690-3/ http://www.ubuntu.com/usn/usn-701-1 http://www.ubuntu.com/usn/usn-701-2 http://www.vupen.com/english/advisories/2009/0977 XForce ISS Database: mozilla-layout-code-execution-var3(47406) https://exchange.xforce.ibmcloud.com/vulnerabilities/47406 Common Vulnerability Exposure (CVE) ID: CVE-2008-5501 https://bugzilla.mozilla.org/show_bug.cgi?id=395623 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10257 XForce ISS Database: mozilla-layout-code-execution-var4(47407) https://exchange.xforce.ibmcloud.com/vulnerabilities/47407 Common Vulnerability Exposure (CVE) ID: CVE-2008-5502 https://bugzilla.mozilla.org/show_bug.cgi?id=458679 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10001 XForce ISS Database: firefox-js-deflatestring-code-execution(47408) https://exchange.xforce.ibmcloud.com/vulnerabilities/47408 Common Vulnerability Exposure (CVE) ID: CVE-2008-5503 https://bugzilla.mozilla.org/show_bug.cgi?id=379959 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11423 http://www.securitytracker.com/id?1021424 XForce ISS Database: mozilla-xbl-information-disclosure(47409) https://exchange.xforce.ibmcloud.com/vulnerabilities/47409 Common Vulnerability Exposure (CVE) ID: CVE-2008-5506 https://bugzilla.mozilla.org/show_bug.cgi?id=458248 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10512 http://www.securitytracker.com/id?1021427 XForce ISS Database: mozilla-xmlhttprequest-302-info-disclosure(47412) https://exchange.xforce.ibmcloud.com/vulnerabilities/47412 Common Vulnerability Exposure (CVE) ID: CVE-2008-5507 Bugtraq: 20081218 Firefox cross-domain text theft (CESA-2008-011) (Google Search) http://www.securityfocus.com/archive/1/499353/100/0/threaded http://scary.beasts.org/security/CESA-2008-011.html https://bugzilla.mozilla.org/show_bug.cgi?id=461735 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9376 http://www.securitytracker.com/id?1021423 XForce ISS Database: mozilla-javascripturl-infor-disclosure(47413) https://exchange.xforce.ibmcloud.com/vulnerabilities/47413 Common Vulnerability Exposure (CVE) ID: CVE-2008-5508 https://bugzilla.mozilla.org/show_bug.cgi?id=425046 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11040 http://www.securitytracker.com/id?1021426 XForce ISS Database: mozilla-urlparsing-weak-security(47414) https://exchange.xforce.ibmcloud.com/vulnerabilities/47414 Common Vulnerability Exposure (CVE) ID: CVE-2008-5511 https://bugzilla.mozilla.org/show_bug.cgi?id=451680 https://bugzilla.mozilla.org/show_bug.cgi?id=464174 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11881 http://www.securitytracker.com/id?1021418 XForce ISS Database: mozilla-xbl-security-bypass(47417) https://exchange.xforce.ibmcloud.com/vulnerabilities/47417 Common Vulnerability Exposure (CVE) ID: CVE-2008-5512 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9814 XForce ISS Database: mozilla-xpcnativewrappers-code-execution(47416) https://exchange.xforce.ibmcloud.com/vulnerabilities/47416 Common Vulnerability Exposure (CVE) ID: CVE-2008-5513 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10389 http://www.securitytracker.com/id?1021421 XForce ISS Database: firefox-sessionrestore-security-bypass(47418) https://exchange.xforce.ibmcloud.com/vulnerabilities/47418
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.