Test ID:	1.3.6.1.4.1.25623.1.0.870447
Category:	Red Hat Local Security Checks
Title:	RedHat Update for thunderbird RHSA-2011:0887-01
Summary:	The remote host is missing an update for the 'thunderbird'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the referenced advisory. Vulnerability Insight: Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2377) Multiple dangling pointer flaws were found in Thunderbird. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363) Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376) An integer overflow flaw was found in the way Thunderbird handled JavaScript Array objects. Malicious content could cause Thunderbird to execute JavaScript with the privileges of the user running Thunderbird. (CVE-2011-2371) A use-after-free flaw was found in the way Thunderbird handled malformed JavaScript. Malicious content could cause Thunderbird to execute JavaScript with the privileges of the user running Thunderbird. (CVE-2011-2373) It was found that Thunderbird could treat two separate cookies (for web content) as interchangeable if both were for the same domain name but one of those domain names had a trailing '.' character. This violates the same-origin policy and could possibly lead to data being leaked to the wrong domain. (CVE-2011-2362) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect. Affected Software/OS: thunderbird on Red Hat Enterprise Linux AS version 4, Red Hat Enterprise Linux ES version 4, Red Hat Enterprise Linux WS version 4 Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0083 Debian Security Information: DSA-2268 (Google Search) http://www.debian.org/security/2011/dsa-2268 Debian Security Information: DSA-2269 (Google Search) http://www.debian.org/security/2011/dsa-2269 Debian Security Information: DSA-2273 (Google Search) http://www.debian.org/security/2011/dsa-2273 http://www.mandriva.com/security/advisories?name=MDVSA-2011:111 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13543 http://www.redhat.com/support/errata/RHSA-2011-0885.html http://www.redhat.com/support/errata/RHSA-2011-0886.html http://www.redhat.com/support/errata/RHSA-2011-0887.html http://www.redhat.com/support/errata/RHSA-2011-0888.html http://secunia.com/advisories/45002 SuSE Security Announcement: SUSE-SA:2011:028 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://www.ubuntu.com/usn/USN-1149-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-0085 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14432 Common Vulnerability Exposure (CVE) ID: CVE-2011-2362 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13693 Common Vulnerability Exposure (CVE) ID: CVE-2011-2363 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14046 Common Vulnerability Exposure (CVE) ID: CVE-2011-2364 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13318 Common Vulnerability Exposure (CVE) ID: CVE-2011-2365 BugTraq ID: 48368 http://www.securityfocus.com/bid/48368 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14184 Common Vulnerability Exposure (CVE) ID: CVE-2011-2371 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13987 http://securityreason.com/securityalert/8472 Common Vulnerability Exposure (CVE) ID: CVE-2011-2373 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14178 XForce ISS Database: thunderbird-xul-code-exec(68133) https://exchange.xforce.ibmcloud.com/vulnerabilities/68133 Common Vulnerability Exposure (CVE) ID: CVE-2011-2374 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14123 XForce ISS Database: thunderbird-memory-ce(68128) https://exchange.xforce.ibmcloud.com/vulnerabilities/68128 Common Vulnerability Exposure (CVE) ID: CVE-2011-2375 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14071 Common Vulnerability Exposure (CVE) ID: CVE-2011-2376 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14396 Common Vulnerability Exposure (CVE) ID: CVE-2011-2377 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13872
Copyright	Copyright (c) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.