Mandrake Local Security Checks : Mandriva Update for mozilla-thunderbird MDVSA-2012:147 (mozilla-thunderbird)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831729
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for mozilla-thunderbird MDVSA-2012:147 (mozilla-thunderbird)
Resumen:	The remote host is missing an update for the 'mozilla-thunderbird'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'mozilla-thunderbird' package(s) announced via the referenced advisory. Vulnerability Insight: Security issues were identified and fixed in mozilla thunderbird: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2012-1971). In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products (CVE-2012-1970). Security researcher Abhishek Arya (Inferno) of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution (CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964). Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks (CVE-2012-1956). Security researcher Frederic Hoguin reported two related issues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO) format files. When processing a negative height header value for the bitmap image, a memory corruption can be induced, allowing an attacker to write random memory and cause a crash. This crash may be potentially exploitable (CVE-2012-3966). Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: mozilla-thunderbird on Mandriva Linux 2011.0 Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1971 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16841 SuSE Security Announcement: SUSE-SU-2012:1157 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html SuSE Security Announcement: SUSE-SU-2012:1167 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://www.ubuntu.com/usn/USN-1548-1 http://www.ubuntu.com/usn/USN-1548-2 Common Vulnerability Exposure (CVE) ID: CVE-2012-1970 BugTraq ID: 55266 http://www.securityfocus.com/bid/55266 Debian Security Information: DSA-2553 (Google Search) http://www.debian.org/security/2012/dsa-2553 Debian Security Information: DSA-2554 (Google Search) http://www.debian.org/security/2012/dsa-2554 Debian Security Information: DSA-2556 (Google Search) http://www.debian.org/security/2012/dsa-2556 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16910 RedHat Security Advisories: RHSA-2012:1210 http://rhn.redhat.com/errata/RHSA-2012-1210.html RedHat Security Advisories: RHSA-2012:1211 http://rhn.redhat.com/errata/RHSA-2012-1211.html SuSE Security Announcement: openSUSE-SU-2012:1065 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html Common Vulnerability Exposure (CVE) ID: CVE-2012-1972 BugTraq ID: 55314 http://www.securityfocus.com/bid/55314 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17017 Common Vulnerability Exposure (CVE) ID: CVE-2012-1973 BugTraq ID: 55316 http://www.securityfocus.com/bid/55316 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17045 Common Vulnerability Exposure (CVE) ID: CVE-2012-1974 BugTraq ID: 55317 http://www.securityfocus.com/bid/55317 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17015 Common Vulnerability Exposure (CVE) ID: CVE-2012-1975 BugTraq ID: 55318 http://www.securityfocus.com/bid/55318 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17040 Common Vulnerability Exposure (CVE) ID: CVE-2012-1976 BugTraq ID: 55319 http://www.securityfocus.com/bid/55319 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16818 Common Vulnerability Exposure (CVE) ID: CVE-2012-3956 BugTraq ID: 55320 http://www.securityfocus.com/bid/55320 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16997 Common Vulnerability Exposure (CVE) ID: CVE-2012-3957 BugTraq ID: 55341 http://www.securityfocus.com/bid/55341 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16940 Common Vulnerability Exposure (CVE) ID: CVE-2012-3958 BugTraq ID: 55323 http://www.securityfocus.com/bid/55323 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16782 Common Vulnerability Exposure (CVE) ID: CVE-2012-3959 BugTraq ID: 55324 http://www.securityfocus.com/bid/55324 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16805 Common Vulnerability Exposure (CVE) ID: CVE-2012-3960 BugTraq ID: 55325 http://www.securityfocus.com/bid/55325 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16853 Common Vulnerability Exposure (CVE) ID: CVE-2012-3961 BugTraq ID: 55321 http://www.securityfocus.com/bid/55321 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16514 Common Vulnerability Exposure (CVE) ID: CVE-2012-3962 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16494 Common Vulnerability Exposure (CVE) ID: CVE-2012-3963 BugTraq ID: 55340 http://www.securityfocus.com/bid/55340 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16437 Common Vulnerability Exposure (CVE) ID: CVE-2012-3964 BugTraq ID: 55322 http://www.securityfocus.com/bid/55322 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16857 Common Vulnerability Exposure (CVE) ID: CVE-2012-1956 BugTraq ID: 55260 http://www.securityfocus.com/bid/55260 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16367 RedHat Security Advisories: RHSA-2012:1351 http://rhn.redhat.com/errata/RHSA-2012-1351.html Common Vulnerability Exposure (CVE) ID: CVE-2012-3966 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16246 Common Vulnerability Exposure (CVE) ID: CVE-2012-3968 BugTraq ID: 55276 http://www.securityfocus.com/bid/55276 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16280 Common Vulnerability Exposure (CVE) ID: CVE-2012-3967 BugTraq ID: 55277 http://www.securityfocus.com/bid/55277 Common Vulnerability Exposure (CVE) ID: CVE-2012-3969 BugTraq ID: 55292 http://www.securityfocus.com/bid/55292 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16635 Common Vulnerability Exposure (CVE) ID: CVE-2012-3970 BugTraq ID: 55278 http://www.securityfocus.com/bid/55278 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16876 Common Vulnerability Exposure (CVE) ID: CVE-2012-3971 BugTraq ID: 55304 http://www.securityfocus.com/bid/55304 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16062 Common Vulnerability Exposure (CVE) ID: CVE-2012-3972 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16234 Common Vulnerability Exposure (CVE) ID: CVE-2012-3974 BugTraq ID: 55312 http://www.securityfocus.com/bid/55312 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16692 Common Vulnerability Exposure (CVE) ID: CVE-2012-3975 BugTraq ID: 55311 http://www.securityfocus.com/bid/55311 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16855 Common Vulnerability Exposure (CVE) ID: CVE-2012-3978 BugTraq ID: 55306 http://www.securityfocus.com/bid/55306 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16923 Common Vulnerability Exposure (CVE) ID: CVE-2012-3980 BugTraq ID: 55257 http://www.securityfocus.com/bid/55257 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17000
Copyright	Copyright (c) 2012 Greenbone Networks GmbH