Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.831383
Kategorie:Mandrake Local Security Checks
Titel:Mandriva Update for mozilla-thunderbird MDVSA-2011:080 (mozilla-thunderbird)
Zusammenfassung:The remote host is missing an update for the 'mozilla-thunderbird'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'mozilla-thunderbird'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Security issues were identified and fixed in mozilla-thunderbird:

Security researcher Soroush Dalili reported that the resource:
protocol could be exploited to allow directory traversal on
Windows and the potential loading of resources from non-permitted
locations. The impact would depend on whether interesting files
existed in predictable locations in a useful format. For example,
the existence or non-existence of particular images might indicate
whether certain software was installed (CVE-2011-0071).

Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2011-0081,
CVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074,
CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072).

The mozilla-thunderbird-lightning package shipped with MDVSA-2011:042
had a packaging bug that prevented extension to be loaded (#59951).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

Affected Software/OS:
mozilla-thunderbird on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-0071
Debian Security Information: DSA-2227 (Google Search)
http://www.debian.org/security/2011/dsa-2227
Debian Security Information: DSA-2228 (Google Search)
http://www.debian.org/security/2011/dsa-2228
Debian Security Information: DSA-2235 (Google Search)
http://www.debian.org/security/2011/dsa-2235
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
http://www.mandriva.com/security/advisories?name=MDVSA-2011:080
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14058
Common Vulnerability Exposure (CVE) ID: CVE-2011-0081
BugTraq ID: 47653
http://www.securityfocus.com/bid/47653
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13993
Common Vulnerability Exposure (CVE) ID: CVE-2011-0069
BugTraq ID: 47656
http://www.securityfocus.com/bid/47656
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14065
Common Vulnerability Exposure (CVE) ID: CVE-2011-0070
BugTraq ID: 47654
http://www.securityfocus.com/bid/47654
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14286
Common Vulnerability Exposure (CVE) ID: CVE-2011-0080
BugTraq ID: 47641
http://www.securityfocus.com/bid/47641
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13866
Common Vulnerability Exposure (CVE) ID: CVE-2011-0074
BugTraq ID: 47646
http://www.securityfocus.com/bid/47646
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14317
Common Vulnerability Exposure (CVE) ID: CVE-2011-0075
BugTraq ID: 47647
http://www.securityfocus.com/bid/47647
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14086
Common Vulnerability Exposure (CVE) ID: CVE-2011-0077
BugTraq ID: 47648
http://www.securityfocus.com/bid/47648
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14193
Common Vulnerability Exposure (CVE) ID: CVE-2011-0078
BugTraq ID: 47651
http://www.securityfocus.com/bid/47651
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14246
Common Vulnerability Exposure (CVE) ID: CVE-2011-0072
BugTraq ID: 47655
http://www.securityfocus.com/bid/47655
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14038
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.