Test Kennung:	1.3.6.1.4.1.25623.1.0.67726
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2010:0545
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2010:0545. Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially-crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1205) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the Content-Disposition: attachment HTTP header when the Content-Type: multipart HTTP header was also present. Loading remote HTTP content that allows arbitrary uploads and relies on the Content-Disposition: attachment HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded. (CVE-2010-2754) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0545.html http://www.redhat.com/security/updates/classification/#critical Risk factor : Critical CVSS Score: 10.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0174 Debian Security Information: DSA-2027 (Google Search) http://www.debian.org/security/2010/dsa-2027 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7615 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9502 http://www.redhat.com/support/errata/RHSA-2010-0332.html http://www.redhat.com/support/errata/RHSA-2010-0333.html http://securitytracker.com/id?1023775 http://securitytracker.com/id?1023781 http://secunia.com/advisories/38566 http://secunia.com/advisories/39117 http://secunia.com/advisories/39136 http://secunia.com/advisories/39204 http://secunia.com/advisories/39240 http://secunia.com/advisories/39242 http://secunia.com/advisories/39243 http://secunia.com/advisories/39308 http://secunia.com/advisories/39397 SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://ubuntu.com/usn/usn-921-1 http://www.vupen.com/english/advisories/2010/0748 http://www.vupen.com/english/advisories/2010/0764 http://www.vupen.com/english/advisories/2010/0765 http://www.vupen.com/english/advisories/2010/0781 http://www.vupen.com/english/advisories/2010/0790 http://www.vupen.com/english/advisories/2010/0849 XForce ISS Database: mozilla-browser-eng-code-exec(57389) https://exchange.xforce.ibmcloud.com/vulnerabilities/57389 Common Vulnerability Exposure (CVE) ID: CVE-2010-0175 Bugtraq: 20100402 ZDI-10-050: Mozilla Firefox nsTreeSelection EventListener Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/510542/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7546 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9834 http://securitytracker.com/id?1023780 http://securitytracker.com/id?1023782 XForce ISS Database: firefox-nstreeselection-code-execution(57390) https://exchange.xforce.ibmcloud.com/vulnerabilities/57390 Common Vulnerability Exposure (CVE) ID: CVE-2010-0176 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7222 http://securitytracker.com/id?1023776 XForce ISS Database: firefox-nstreecontentview-code-exec(57392) https://exchange.xforce.ibmcloud.com/vulnerabilities/57392 Common Vulnerability Exposure (CVE) ID: CVE-2010-0177 Bugtraq: 20100402 ZDI-10-049: Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/510540/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-049 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10833 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7622 XForce ISS Database: firefox-nspluginarray-code-execution(57393) https://exchange.xforce.ibmcloud.com/vulnerabilities/57393 Common Vulnerability Exposure (CVE) ID: CVE-2010-1197 BugTraq ID: 41050 http://www.securityfocus.com/bid/41050 BugTraq ID: 41103 http://www.securityfocus.com/bid/41103 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:125 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10168 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14186 http://www.redhat.com/support/errata/RHSA-2010-0499.html http://www.redhat.com/support/errata/RHSA-2010-0500.html http://www.redhat.com/support/errata/RHSA-2010-0501.html http://www.securitytracker.com/id?1024138 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 SuSE Security Announcement: SUSE-SA:2010:030 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://ubuntu.com/usn/usn-930-1 http://www.ubuntu.com/usn/usn-930-2 http://www.vupen.com/english/advisories/2010/1551 http://www.vupen.com/english/advisories/2010/1556 http://www.vupen.com/english/advisories/2010/1557 http://www.vupen.com/english/advisories/2010/1592 http://www.vupen.com/english/advisories/2010/1640 http://www.vupen.com/english/advisories/2010/1773 XForce ISS Database: firefox-contentdisposition-security-bypass(59667) https://exchange.xforce.ibmcloud.com/vulnerabilities/59667 Common Vulnerability Exposure (CVE) ID: CVE-2010-1198 BugTraq ID: 41102 http://www.securityfocus.com/bid/41102 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10990 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14176 XForce ISS Database: firefox-plugin-instances-code-exec(59664) https://exchange.xforce.ibmcloud.com/vulnerabilities/59664 Common Vulnerability Exposure (CVE) ID: CVE-2010-1199 BugTraq ID: 41082 http://www.securityfocus.com/bid/41082 Bugtraq: 20100623 ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/511972/100/0/threaded http://www.exploit-db.com/exploits/14949 http://www.zerodayinitiative.com/advisories/ZDI-10-113 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10885 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13287 http://www.securitytracker.com/id?1024139 http://secunia.com/advisories/40323 XForce ISS Database: firefox-xslt-node-code-execution(59666) https://exchange.xforce.ibmcloud.com/vulnerabilities/59666 Common Vulnerability Exposure (CVE) ID: CVE-2010-1200 BugTraq ID: 41090 http://www.securityfocus.com/bid/41090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10816 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14326 XForce ISS Database: firefox-seamonkey-browser-code-exec(59659) https://exchange.xforce.ibmcloud.com/vulnerabilities/59659 Common Vulnerability Exposure (CVE) ID: CVE-2010-1205 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html BugTraq ID: 41174 http://www.securityfocus.com/bid/41174 Debian Security Information: DSA-2072 (Google Search) http://www.debian.org/security/2010/dsa-2072 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:133 http://lists.vmware.com/pipermail/security-announce/2010/000105.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851 http://secunia.com/advisories/40302 http://secunia.com/advisories/40336 http://secunia.com/advisories/40472 http://secunia.com/advisories/40547 http://secunia.com/advisories/41574 http://secunia.com/advisories/42314 http://secunia.com/advisories/42317 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061 SuSE Security Announcement: SUSE-SR:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://www.ubuntu.com/usn/USN-960-1 http://www.vupen.com/english/advisories/2010/1612 http://www.vupen.com/english/advisories/2010/1637 http://www.vupen.com/english/advisories/2010/1755 http://www.vupen.com/english/advisories/2010/1837 http://www.vupen.com/english/advisories/2010/1846 http://www.vupen.com/english/advisories/2010/1877 http://www.vupen.com/english/advisories/2010/2491 http://www.vupen.com/english/advisories/2010/3045 http://www.vupen.com/english/advisories/2010/3046 XForce ISS Database: libpng-rowdata-bo(59815) https://exchange.xforce.ibmcloud.com/vulnerabilities/59815 Common Vulnerability Exposure (CVE) ID: CVE-2010-1211 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11552 Common Vulnerability Exposure (CVE) ID: CVE-2010-1214 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11685 Common Vulnerability Exposure (CVE) ID: CVE-2010-2753 BugTraq ID: 41853 http://www.securityfocus.com/bid/41853 Bugtraq: 20100721 ZDI-10-131: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/512510 http://www.zerodayinitiative.com/advisories/ZDI-10-131/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958 SuSE Security Announcement: SUSE-SA:2010:049 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2010-2754 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11770
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.