|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA1051] DSA-1051-1 mozilla-thunderbird Vulnerability Assessment Details
|
[DSA1051] DSA-1051-1 mozilla-thunderbird |
||
DSA-1051-1 mozilla-thunderbird Detailed Explanation for this Vulnerability Assessment Several security related problems have been discovered in Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: The "run-mozilla.sh" script permits local users to create or overwrite arbitrary files when debugging is enabled via a symlink attack on temporary files. Web pages with extremely long titles cause subsequent launches of the browser to appear to "hang" for up to a few minutes, or even crash if the computer has insufficient memory. [MFSA-2006-03] The JavaScript interpreter does not properly dereference objects, which permits remote attackers to cause a denial of service or execute arbitrary code. [MFSA-2006-01] The function allocation code permits attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-01] XULDocument.persist() did not validate the attribute name, permiting a possible hacker to inject arbitrary XML and JavaScript code into localstore.rdf that would be read and acted upon during startup. [MFSA-2006-05] An anonymous researcher for TippingPoint and the Zero Day Initiative reported that an invalid and nonsensical ordering of table-related tags can be exploited to execute arbitrary code. [MFSA-2006-27] A particular sequence of HTML tags can cause memory corruption that can be exploited to execute arbitrary code. [MFSA-2006-18] Georgi Guninski reports that forwarding mail in-line while using the default HTML "rich mail" editor will execute JavaScript embedded in the e-mail message with full rights of the client. [MFSA-2006-21] The HTML rendering engine does not properly block external images from inline HTML attachments when "Block loading of remote images in mail messages" is enabled, which could permit remote attackers to obtain sensitive information. [MFSA-2006-26] A vulnerability potentially permits remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20] A vulnerability potentially permits remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20] A vulnerability potentially permits remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20] A vulnerability potentially permits remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20] A vulnerability potentially permits remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20] Georgi Guninski reported two variants of using scripts in an XBL control to gain chrome rights when the page is viewed under "Print Preview". [MFSA-2006-25] "shutdown" discovered that the crypto.generateCRMFRequest method can be used to run arbitrary code with the privilege of the user running the browser, which could enable a possible hacker to install malware. [MFSA-2006-24] Claus Jørgensen reported that a text input box can be pr [...] Solution : http://www.debian.org/security/2006/dsa-1051 Network Security Threat Level: High Networks Security ID: 15773, 16476, 16476, 16770, 16881, 17516 Vulnerability Assessment Copyright: This script is (C) 2007 Michel Arboi |
||
Cables, Connectors |
Supermicro 4U 36 Bay Storage Server 2.4Ghz 8-C 128GB 1x1280W Rails TrueNAS ZFS
$712.98
DELL PowerEdge R730XD 24x 2.5" Server Dual 750W Dual Heatsink - BareBones TESTED
$299.99
H261-Z61 2U 24SFF AMD Server 8x EPYC 7551 256-Cores 256GB RAM 8x25G NIC 2x2200W
$2812.18
Dell PowerEdge R7525 Server 24X2.5(8XNVME)+H745 2xEPYC 7302 CPU 128G RAM 2x2400W
$3350.00
Dell PowerEdge R620 Server 2x E5-2660 v1 2.2GHz 16 Cores 256GB RAM 2x 300GB HDD
$89.99
HP Proliant DL160 GEN9 2x Xeon E5-2620 V4 2.10GHZ 32GB DDR4-2133MHZ 2x 550W PSU
$100.95
Dell PowerEdge R730XD 28 Core Server 2X Xeon E5-2680 V4 H730 128GB RAM No HDD
$389.99
Dell PowerEdge R230 Single Intel Xeon E3-1220 v5 @3.00GHz 16GB RAM No HDD H330
$102.50
Dell PowerEdge R710 2.5" 2U Server 2x X5670 2.93GHZ 12-Core 128gb 2x 1TB SAS
$214.99
1U Supermicro Server 10 Bay 2x Intel Xeon 3.3Ghz 8C 128GB RAM 480GB SSD 2x 10GBE
$297.00
|
||
No Discussions have been posted on this vulnerability. |