NASLDB: Debian DSA-781-1 : mozilla-thunderbird - several vulnerabilities
General
ID: 19478
Name: Debian DSA-781-1 : mozilla-thunderbird – several vulnerabilities
Summary: Checks dpkg output for the updated package
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:H/RL:OF/RC:C
Port: 0
Family: Debian Local Security Checks
Type: Local
Description
Several problems have been discovered in Mozilla Thunderbird, the
standalone mail client of the Mozilla suite. The Common
Vulnerabilities and Exposures project identifies the following
problems:
– CAN-2005-0989
Remote attackers could read portions of heap memory into
a Javascript string via the lambda replace method.
– CAN-2005-1159
The Javascript interpreter could be tricked into continuing
execution at the wrong memory address, which may allow
attackers to cause a denial of service (application
crash) and possibly execute arbitrary code.
– CAN-2005-1160
Remote attackers could override certain properties or
methods of DOM nodes and gain privileges.
– CAN-2005-1532
Remote attackers could override certain properties or
methods, because Javascript eval and Script objects were
not properly limited, and gain privileges.
– CAN-2005-2261
XML scripts ran even when Javascript was disabled.
– CAN-2005-2265
Missing input sanitising of InstallVersion.compareTo()
can cause the application to crash.
– CAN-2005-2266
Remote attackers could steal sensitive information such
as cookies and passwords from web sites by accessing
data in alien frames.
– CAN-2005-2269
Remote attackers could modify certain tag properties of
DOM nodes that could lead to the execution of arbitrary
script or code.
– CAN-2005-2270
The Mozilla browser family does not properly clone base
objects, which allows remote attackers to execute
arbitrary code.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2005-0989
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2005/04/01
Patch Release: 2005/08/23
Plugin Release: 2005/08/23
Plugin
Version: 1.20
Filename: debian_DSA-781.nasl
Filesize: 5532 bytes
MD5 Hash: 3b9f4a8b11127f8ceef42d220afec866
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is © 2005-2012 Tenable Network Security, Inc.