General : Mozilla Thunderbird Security Bypass Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.803668

Categoría: General

Título: Mozilla Thunderbird Security Bypass Vulnerabilities - Oct 12 (Windows)

Resumen: The host is installed with Mozilla Thunderbird and is prone to multiple; vulnerabilities.

Descripción: Summary:
The host is installed with Mozilla Thunderbird and is prone to multiple
vulnerabilities.

Vulnerability Insight:
Security wrappers are unwrapped without doing a security check in
defaultValue(). This can allow for improper access to the Location object.

Vulnerability Impact:
Successful exploitation will let attackers to bypass the Same Origin Policy
and read the properties of a Location object via a crafted web site.

Affected Software/OS:
Thunderbird versions before 16.0.1 on Windows

Solution:
Upgrade to Thunderbird version 16.0.1 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: BugTraq ID: 55889
Common Vulnerability Exposure (CVE) ID: CVE-2012-4192
http://www.thespanner.co.uk/2012/10/10/firefox-knows-what-your-friends-did-last-summer/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17095
http://secunia.com/advisories/50904
http://secunia.com/advisories/50929
http://secunia.com/advisories/50984
http://secunia.com/advisories/55318
SuSE Security Announcement: SUSE-SU-2012:1351 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html
http://www.ubuntu.com/usn/USN-1608-1
http://www.ubuntu.com/usn/USN-1611-1
XForce ISS Database: mozilla-sop-security-bypass(79210)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79210
Common Vulnerability Exposure (CVE) ID: CVE-2012-4193
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16786
RedHat Security Advisories: RHSA-2012:1361
http://rhn.redhat.com/errata/RHSA-2012-1361.html
RedHat Security Advisories: RHSA-2012:1362
http://rhn.redhat.com/errata/RHSA-2012-1362.html
http://secunia.com/advisories/50906
http://secunia.com/advisories/50907
http://secunia.com/advisories/50964
XForce ISS Database: mozilla-location-security-bypass(79211)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79211

Copyright Copyright (C) 2013 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.803668
Categoría:	General
Título:	Mozilla Thunderbird Security Bypass Vulnerabilities - Oct 12 (Windows)
Resumen:	The host is installed with Mozilla Thunderbird and is prone to multiple; vulnerabilities.
Descripción:	Summary: The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. Vulnerability Insight: Security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. Vulnerability Impact: Successful exploitation will let attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site. Affected Software/OS: Thunderbird versions before 16.0.1 on Windows Solution: Upgrade to Thunderbird version 16.0.1 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	BugTraq ID: 55889 Common Vulnerability Exposure (CVE) ID: CVE-2012-4192 http://www.thespanner.co.uk/2012/10/10/firefox-knows-what-your-friends-did-last-summer/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17095 http://secunia.com/advisories/50904 http://secunia.com/advisories/50929 http://secunia.com/advisories/50984 http://secunia.com/advisories/55318 SuSE Security Announcement: SUSE-SU-2012:1351 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html http://www.ubuntu.com/usn/USN-1608-1 http://www.ubuntu.com/usn/USN-1611-1 XForce ISS Database: mozilla-sop-security-bypass(79210) https://exchange.xforce.ibmcloud.com/vulnerabilities/79210 Common Vulnerability Exposure (CVE) ID: CVE-2012-4193 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16786 RedHat Security Advisories: RHSA-2012:1361 http://rhn.redhat.com/errata/RHSA-2012-1361.html RedHat Security Advisories: RHSA-2012:1362 http://rhn.redhat.com/errata/RHSA-2012-1362.html http://secunia.com/advisories/50906 http://secunia.com/advisories/50907 http://secunia.com/advisories/50964 XForce ISS Database: mozilla-location-security-bypass(79211) https://exchange.xforce.ibmcloud.com/vulnerabilities/79211
Copyright	Copyright (C) 2013 Greenbone Networks GmbH