Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2011:080 | First vendor Publication | 2011-05-01 |
| Vendor | Mandriva | Last vendor Modification | 2011-05-01 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Security issues were identified and fixed in mozilla-thunderbird: Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed (CVE-2011-0071). Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2011-0081, CVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072). The mozilla-thunderbird-lightning package shipped with MDVSA-2011:042 had a packaging bug that prevented extension to be loaded (#59951). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 Additionally, some packages which require so, have been rebuilt and are being provided as updates. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12683 | |||
| Oval ID: | oval:org.mitre.oval:def:12683 | ||
| Title: | DSA-2228-1 iceweasel -- several | ||
| Description: | Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 "regenrecht" discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code. CVE-2011-0067 Paul Stone discovered that Java applets could steal information from the autocompletion history. CVE-2011-0071 Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2228-1 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12867 | |||
| Oval ID: | oval:org.mitre.oval:def:12867 | ||
| Title: | DSA-2235-1 icedove -- several | ||
| Description: | Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 "regenrecht" discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code. CVE-2011-0067 Paul Stone discovered that Java applets could steal information from the autocompletion history. CVE-2011-0071 Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs. As indicated in the Lenny release notes, security support for the Icedove packages in the oldstable needed to be stopped before the end of the regular Lenny security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a different mail client. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2235-1 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13007 | |||
| Oval ID: | oval:org.mitre.oval:def:13007 | ||
| Title: | DSA-2227-1 iceape -- several | ||
| Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 "regenrecht" discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code. CVE-2011-0067 Paul Stone discovered that Java applets could steal information from the autocompletion history. CVE-2011-0071 Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs. The oldstable distribution is not affected. The iceape package only provides the XPCOM code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2227-1 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13866 | |||
| Oval ID: | oval:org.mitre.oval:def:13866 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0080 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13993 | |||
| Oval ID: | oval:org.mitre.oval:def:13993 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0081 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14038 | |||
| Oval ID: | oval:org.mitre.oval:def:14038 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0072 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14058 | |||
| Oval ID: | oval:org.mitre.oval:def:14058 | ||
| Title: | Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. | ||
| Description: | Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0071 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14065 | |||
| Oval ID: | oval:org.mitre.oval:def:14065 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0069 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14086 | |||
| Oval ID: | oval:org.mitre.oval:def:14086 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0075 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14193 | |||
| Oval ID: | oval:org.mitre.oval:def:14193 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0077 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14246 | |||
| Oval ID: | oval:org.mitre.oval:def:14246 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0078 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14286 | |||
| Oval ID: | oval:org.mitre.oval:def:14286 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0070 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14317 | |||
| Oval ID: | oval:org.mitre.oval:def:14317 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0074 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21123 | |||
| Oval ID: | oval:org.mitre.oval:def:21123 | ||
| Title: | RHSA-2011:0474: thunderbird security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0474-01 CESA-2011:0474 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 | Version: | 81 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21701 | |||
| Oval ID: | oval:org.mitre.oval:def:21701 | ||
| Title: | RHSA-2011:0475: thunderbird security update (Critical) | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0475-01 CVE-2011-0070 CVE-2011-0071 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 | Version: | 120 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23031 | |||
| Oval ID: | oval:org.mitre.oval:def:23031 | ||
| Title: | ELSA-2011:0474: thunderbird security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0474-01 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 | Version: | 29 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23181 | |||
| Oval ID: | oval:org.mitre.oval:def:23181 | ||
| Title: | ELSA-2011:0475: thunderbird security update (Critical) | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0475-01 CVE-2011-0070 CVE-2011-0071 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 | Version: | 41 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27497 | |||
| Oval ID: | oval:org.mitre.oval:def:27497 | ||
| Title: | DEPRECATED: ELSA-2011-0475 -- thunderbird security update (critical) | ||
| Description: | [3.1.10-1.0.1.el6_0] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.10-1] - Update to 3.1.10 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-0475 CVE-2011-0070 CVE-2011-0071 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-07-30 | Name : CentOS Update for firefox CESA-2011:0471 centos4 x86_64 File : nvt/gb_CESA-2011_0471_firefox_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2011:0471 centos5 x86_64 File : nvt/gb_CESA-2011_0471_firefox_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for seamonkey CESA-2011:0473 centos4 x86_64 File : nvt/gb_CESA-2011_0473_seamonkey_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:0474 centos4 x86_64 File : nvt/gb_CESA-2011_0474_thunderbird_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:0474 centos5 x86_64 File : nvt/gb_CESA-2011_0474_thunderbird_centos5_x86_64.nasl |
| 2012-06-06 | Name : RedHat Update for thunderbird RHSA-2011:0475-01 File : nvt/gb_RHSA-2011_0475-01_thunderbird.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2011:0471 centos4 i386 File : nvt/gb_CESA-2011_0471_firefox_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2011:0471 centos5 i386 File : nvt/gb_CESA-2011_0471_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2011:0473 centos4 i386 File : nvt/gb_CESA-2011_0473_seamonkey_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2011:0474 centos4 i386 File : nvt/gb_CESA-2011_0474_thunderbird_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2011:0474 centos5 i386 File : nvt/gb_CESA-2011_0474_thunderbird_centos5_i386.nasl |
| 2011-08-03 | Name : Debian Security Advisory DSA 2235-1 (icedove) File : nvt/deb_2235_1.nasl |
| 2011-06-10 | Name : Ubuntu Update for thunderbird USN-1122-3 File : nvt/gb_ubuntu_USN_1122_3.nasl |
| 2011-05-18 | Name : Mozilla Products Unspecified Vulnerability May-11 (Windows) File : nvt/gb_mozilla_prdts_unspecified_vuln_win_may11.nasl |
| 2011-05-18 | Name : Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 02 File : nvt/gb_mozilla_prdts_mult_vuln_win02_may11.nasl |
| 2011-05-18 | Name : Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 01 File : nvt/gb_mozilla_prdts_mult_vuln_win01_may11.nasl |
| 2011-05-12 | Name : Debian Security Advisory DSA 2227-1 (iceape) File : nvt/deb_2227_1.nasl |
| 2011-05-12 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox56.nasl |
| 2011-05-12 | Name : Debian Security Advisory DSA 2228-1 (iceweasel) File : nvt/deb_2228_1.nasl |
| 2011-05-10 | Name : Ubuntu Update for thunderbird USN-1122-2 File : nvt/gb_ubuntu_USN_1122_2.nasl |
| 2011-05-10 | Name : Ubuntu Update for thunderbird USN-1122-1 File : nvt/gb_ubuntu_USN_1122_1.nasl |
| 2011-05-10 | Name : Ubuntu Update for firefox USN-1121-1 File : nvt/gb_ubuntu_USN_1121_1.nasl |
| 2011-05-10 | Name : Ubuntu Update for firefox USN-1112-1 File : nvt/gb_ubuntu_USN_1112_1.nasl |
| 2011-05-10 | Name : Ubuntu Update for xulrunner-1.9.1 USN-1123-1 File : nvt/gb_ubuntu_USN_1123_1.nasl |
| 2011-05-10 | Name : SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2011:022 File : nvt/gb_suse_2011_022.nasl |
| 2011-05-10 | Name : Mandriva Update for tcl-sqlite3 MDVA-2011:019 (tcl-sqlite3) File : nvt/gb_mandriva_MDVA_2011_019.nasl |
| 2011-05-05 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2011:080 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2011_080.nasl |
| 2011-05-05 | Name : Mandriva Update for firefox MDVSA-2011:079 (firefox) File : nvt/gb_mandriva_MDVSA_2011_079.nasl |
| 2011-05-05 | Name : RedHat Update for thunderbird RHSA-2011:0474-01 File : nvt/gb_RHSA-2011_0474-01_thunderbird.nasl |
| 2011-05-05 | Name : RedHat Update for seamonkey RHSA-2011:0473-01 File : nvt/gb_RHSA-2011_0473-01_seamonkey.nasl |
| 2011-05-05 | Name : RedHat Update for firefox RHSA-2011:0471-01 File : nvt/gb_RHSA-2011_0471-01_firefox.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 72090 | Mozilla Multiple Products resource: Protocol Traversal Arbitrary File Access Mozilla Firefox, Thunderbird and SeaMonkey contain a flaw that allows a context-dependent attacker to traverse outside of a restricted path. The issue is due to the programs not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the resource: protocol. This directory traversal attack would allow the attacker to access arbitrary files. |
| 72084 | Mozilla Multiple Products Unspecified Memory Corruption (2011-0072) A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code. |
| 72083 | Mozilla Multiple Products Unspecified Memory Corruption (2011-0078) A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code. |
| 72082 | Mozilla Multiple Products Unspecified Memory Corruption (2011-0077) A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code. |
| 72081 | Mozilla Multiple Products Unspecified Memory Corruption (2011-0075) A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code. |
| 72080 | Mozilla Multiple Products Unspecified Memory Corruption (2011-0074) A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code. |
| 72078 | Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-0080) Multiple memory corruption flaws exist in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code. |
| 72077 | Mozilla Multiple Products Unspecified Remote DoS (2011-0070) Mozilla Firefox, Thunderbird and SeaMonkey contain an unspecified flaw that may allow a context-dependent attacker to cause a denial of service. No further details have been provided. |
| 72076 | Mozilla Multiple Products Unspecified Remote DoS (2011-0069) Mozilla Firefox, Thunderbird and SeaMonkey contain an unspecified flaw that may allow a context-dependent attacker to cause a denial of service. No further details have been provided. |
| 72075 | Mozilla Multiple Products Unspecified Memory Corruption (2011-0081) A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-110429.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-110429.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-110429.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-110429.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-110429.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-110429.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-110429.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-110429.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0471.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0473.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0474.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0475.nasl - Type : ACT_GATHER_INFO |
| 2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110428_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110428_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110428_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110428_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner191-7492.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7490.nasl - Type : ACT_GATHER_INFO |
| 2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1122-2.nasl - Type : ACT_GATHER_INFO |
| 2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1122-1.nasl - Type : ACT_GATHER_INFO |
| 2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1121-1.nasl - Type : ACT_GATHER_INFO |
| 2011-06-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1112-1.nasl - Type : ACT_GATHER_INFO |
| 2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1123-1.nasl - Type : ACT_GATHER_INFO |
| 2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1122-3.nasl - Type : ACT_GATHER_INFO |
| 2011-05-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2235.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mozilla-xulrunner191-110429.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner191-7493.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7491.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-110429.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-110429.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-110429.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-110429.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-110429.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0473.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-080.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-079.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2228.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2227.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-0474.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0471.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3617.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3519.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_401.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_3110.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_2014.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0475.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-0474.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0473.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0471.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:42:13 |
|
| 2013-05-11 00:48:33 |
|
