CentOS Local Security Checks : CentOS Update for thunderbird CESA-2019:2773 centos7

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.883110

Categoría: CentOS Local Security Checks

Título: CentOS Update for thunderbird CESA-2019:2773 centos7

Resumen: The remote host is missing an update for the 'thunderbird'; package(s) announced via the CESA-2019:2773 advisory.

Descripción: Summary:
The remote host is missing an update for the 'thunderbird'
package(s) announced via the CESA-2019:2773 advisory.

Vulnerability Insight:
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.9.0.

Security Fix(es):

* Mozilla: Covert Content Attack on S/MIME encryption using a crafted
multipart/alternative message (CVE-2019-11739)

* Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and
Firefox ESR 60.9 (CVE-2019-11740)

* Mozilla: Same-origin policy violation with SVG filters and canvas to
steal cross-origin images (CVE-2019-11742)

* Mozilla: XSS by breaking out of title and textarea elements using
innerHTML (CVE-2019-11744)

* Mozilla: Use-after-free while manipulating video (CVE-2019-11746)

* Mozilla: Use-after-free while extracting a key value in IndexedDB
(CVE-2019-11752)

* Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Affected Software/OS:
'thunderbird' package(s) on CentOS 7.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-11739
Common Vulnerability Exposure (CVE) ID: CVE-2019-11740
Common Vulnerability Exposure (CVE) ID: CVE-2019-11742
Common Vulnerability Exposure (CVE) ID: CVE-2019-11743
Common Vulnerability Exposure (CVE) ID: CVE-2019-11744
Common Vulnerability Exposure (CVE) ID: CVE-2019-11746
Common Vulnerability Exposure (CVE) ID: CVE-2019-11752

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.883110
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for thunderbird CESA-2019:2773 centos7
Resumen:	The remote host is missing an update for the 'thunderbird'; package(s) announced via the CESA-2019:2773 advisory.
Descripción:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the CESA-2019:2773 advisory. Vulnerability Insight: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.9.0. Security Fix(es): * Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744) * Mozilla: Use-after-free while manipulating video (CVE-2019-11746) * Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752) * Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'thunderbird' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-11739 Common Vulnerability Exposure (CVE) ID: CVE-2019-11740 Common Vulnerability Exposure (CVE) ID: CVE-2019-11742 Common Vulnerability Exposure (CVE) ID: CVE-2019-11743 Common Vulnerability Exposure (CVE) ID: CVE-2019-11744 Common Vulnerability Exposure (CVE) ID: CVE-2019-11746 Common Vulnerability Exposure (CVE) ID: CVE-2019-11752
Copyright	Copyright (C) 2019 Greenbone Networks GmbH