
Test ID: 1.3.6.1.4.1.25623.1.0.67727
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2010:0544
Summary: NOSUMMARY
Description:
The remote host is missing updates announced in
advisory RHSA-2010:0544.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,
CVE-2010-1214, CVE-2010-2753)

An integer overflow flaw was found in the processing of malformed HTML mail
content. An HTML mail message containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2010-1199)

Several use-after-free flaws were found in Thunderbird. Viewing an HTML
mail message containing malicious content could result in Thunderbird
executing arbitrary code with the privileges of the user running
Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)

A flaw was found in the way Thunderbird plug-ins interact. It was possible
for a plug-in to reference the freed memory from a different plug-in,
resulting in the execution of arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-1198)

A flaw was found in the way Thunderbird handled the Content-Disposition:
attachment HTTP header when the Content-Type: multipart HTTP header was
also present. Loading remote HTTP content that allows arbitrary uploads and
relies on the Content-Disposition: attachment HTTP header to prevent
content from being displayed inline, could be used by an attacker to serve
malicious content to users. (CVE-2010-1197)

A same-origin policy bypass flaw was found in Thunderbird. Remote HTML
content could steal private data from different remote HTML content
Thunderbird has loaded. (CVE-2010-2754)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0544.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-0174
Debian Security Information: DSA-2027
http://www.debian.org/security/2010/dsa-2027
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7615
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9502
http://www.redhat.com/support/errata/RHSA-2010-0332.html
http://www.redhat.com/support/errata/RHSA-2010-0333.html
http://securitytracker.com/id?1023775
http://securitytracker.com/id?1023781
http://secunia.com/advisories/38566
http://secunia.com/advisories/39117
http://secunia.com/advisories/39136
http://secunia.com/advisories/39204
http://secunia.com/advisories/39240
http://secunia.com/advisories/39242
http://secunia.com/advisories/39243
http://secunia.com/advisories/39308
http://secunia.com/advisories/39397
SuSE Security Announcement: SUSE-SR:2010:013
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://ubuntu.com/usn/usn-921-1
http://www.vupen.com/english/advisories/2010/0748
http://www.vupen.com/english/advisories/2010/0764
http://www.vupen.com/english/advisories/2010/0765
http://www.vupen.com/english/advisories/2010/0781
http://www.vupen.com/english/advisories/2010/0790
http://www.vupen.com/english/advisories/2010/0849
XForce ISS Database: mozilla-browser-eng-code-exec(57389)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57389
Common Vulnerability Exposure (CVE) ID: CVE-2010-0175
Bugtraq: 20100402 ZDI-10-050: Mozilla Firefox nsTreeSelection EventListener Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/510542/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7546
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9834
http://securitytracker.com/id?1023780
http://securitytracker.com/id?1023782
XForce ISS Database: firefox-nstreeselection-code-execution(57390)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57390
Common Vulnerability Exposure (CVE) ID: CVE-2010-0176
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7222
http://securitytracker.com/id?1023776
XForce ISS Database: firefox-nstreecontentview-code-exec(57392)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57392
Common Vulnerability Exposure (CVE) ID: CVE-2010-0177
Bugtraq: 20100402 ZDI-10-049: Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/510540/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-049
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10833
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7622
XForce ISS Database: firefox-nspluginarray-code-execution(57393)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57393
Common Vulnerability Exposure (CVE) ID: CVE-2010-1197
BugTraq ID: 41050
http://www.securityfocus.com/bid/41050
BugTraq ID: 41103
http://www.securityfocus.com/bid/41103
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:125
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10168
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14186
http://www.redhat.com/support/errata/RHSA-2010-0499.html
http://www.redhat.com/support/errata/RHSA-2010-0500.html
http://www.redhat.com/support/errata/RHSA-2010-0501.html
http://www.securitytracker.com/id?1024138
http://secunia.com/advisories/40326
http://secunia.com/advisories/40401
http://secunia.com/advisories/40481
SuSE Security Announcement: SUSE-SA:2010:030
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html
http://ubuntu.com/usn/usn-930-1
http://www.ubuntu.com/usn/usn-930-2
http://www.vupen.com/english/advisories/2010/1551
http://www.vupen.com/english/advisories/2010/1556
http://www.vupen.com/english/advisories/2010/1557
http://www.vupen.com/english/advisories/2010/1592
http://www.vupen.com/english/advisories/2010/1640
http://www.vupen.com/english/advisories/2010/1773
XForce ISS Database: firefox-contentdisposition-security-bypass(59667)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59667
Common Vulnerability Exposure (CVE) ID: CVE-2010-1198
BugTraq ID: 41102
http://www.securityfocus.com/bid/41102
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10990
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14176
XForce ISS Database: firefox-plugin-instances-code-exec(59664)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59664
Common Vulnerability Exposure (CVE) ID: CVE-2010-1199
BugTraq ID: 41082
http://www.securityfocus.com/bid/41082
Bugtraq: 20100623 ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/511972/100/0/threaded
http://www.exploit-db.com/exploits/14949
http://www.zerodayinitiative.com/advisories/ZDI-10-113
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10885
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13287
http://www.securitytracker.com/id?1024139
http://secunia.com/advisories/40323
XForce ISS Database: firefox-xslt-node-code-execution(59666)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59666
Common Vulnerability Exposure (CVE) ID: CVE-2010-1200
BugTraq ID: 41090
http://www.securityfocus.com/bid/41090
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10816
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14326
XForce ISS Database: firefox-seamonkey-browser-code-exec(59659)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59659
Common Vulnerability Exposure (CVE) ID: CVE-2010-1211
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11552
Common Vulnerability Exposure (CVE) ID: CVE-2010-1214
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11685
Common Vulnerability Exposure (CVE) ID: CVE-2010-2753
BugTraq ID: 41853
http://www.securityfocus.com/bid/41853
Bugtraq: 20100721 ZDI-10-131: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/512510
http://www.zerodayinitiative.com/advisories/ZDI-10-131/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958
SuSE Security Announcement: SUSE-SA:2010:049
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-2754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11770
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
