|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2005:174: mozilla-thunderbird Vulnerability Assessment Details
|
MDKSA-2005:174: mozilla-thunderbird |
||
Check for the version of the mozilla-thunderbird package Detailed Explanation for this Vulnerability Assessment The remote host is missing the patch for the advisory MDKSA-2005:174 (mozilla-thunderbird). Updated Mozilla Thunderbird packages fix various vulnerabilities: The run-mozilla.sh script, with debugging enabled, would permit local users to create or overwrite arbitrary files via a symlink attack on temporary files (CVE-2005-2353). A bug in the way Thunderbird processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CVE-2005-2701). A bug in the way Thunderbird handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CVE-2005-2702). A bug in the way Thunderbird makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim's machine however, the default behaviour of the browser is to dispermit this (CVE-2005-2703). A bug in the way Thunderbird implemented its XBL interface could be abused by a malicious web page to create an XBL binding in such a way as to permit arbitrary JavaScript execution with chrome permissions (CVE-2005-2704). An integer overflow in Thunderbird's JavaScript engine could be manipulated in certain conditions to permit a malicious web page to execute arbitrary code (CVE-2005-2705). A bug in the way Thunderbird displays about: pages could be used to execute JavaScript with chrome rights (CVE-2005-2706). A bug in the way Thunderbird opens new windows could be used by a malicious web page to construct a new window without any user interface elements (such as address bar and status bar) that could be used to potentially mislead the user (CVE-2005-2707). A bug in the way Thunderbird proceesed URLs on the command line could be used to execute arbitary commands as the user running Thunderbird this could be abused by clicking on a supplied link, such as from an instant messaging client (CVE-2005-2968). Tom Ferris reported that Thunderbird would crash when processing a domain name consisting solely of soft-hyphen characters due to a heap overflow when IDN processing results in an empty string after removing non-wrapping chracters, such as soft-hyphens. This could be exploited to run or or install malware on the user's computer (CVE-2005-2871). The updated packages have been patched to correct these issues. Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:174 Network Security Threat Level: High Networks Security ID: Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security |
||
Cables, Connectors |
Cisco Nexus 48-Port 10G SFP+ Switch N9K-9396PX w/ 9K-M12PQ 12-Port 40G QSFP
$249.99
Cisco Catalyst WS-C2960CX-8TC-L 2960-CX Series 8 Port Gigabit Switch
$59.99
EtherWAN EX17242 Web-Smart 24-Port PoE Gigabit Ethernet Switch
$29.99
HP 2530-48G 48 Port Gigabit Ethernet Network Switch J9775A
$30.95
New Linksys SE3005 5-port Gigabit Ethernet Switch
$18.99
Linksys SE3008 8 Ports Rack Mountable Gigabit Ethernet Switch
$21.99
NetGear ProSafe GS748T V4 48-Port Gigabit Smart Switch w/ Ears + Cord
$35.00
Juniper Networks EX3300-48P 48-Port PoE+ 4x SFP+ Network Switch w/ Power Cord
$43.95
HP Aruba 2530-8G-PoE+ 8x PoE+ RJ45 2x SFP Gigabit Switch J9774A No AC Adapter
$37.99
|
||
No Discussions have been posted on this vulnerability. |