Executive Summary
Summary | |
---|---|
Title | thunderbird security update |
Informations | |||
---|---|---|---|
Name | RHSA-2005:791 | First vendor Publication | 2005-10-06 |
Vendor | RedHat | Last vendor Modification | 2005-10-06 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated thunderbird package that fixes various bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird processes certain international domain names. An attacker could create a specially crafted HTML mail, which when viewed by the victim would cause Thunderbird to crash or possibly execute arbitrary code. Thunderbird as shipped with Red Hat Enterprise Linux 4 must have international domain names enabled by the user in order to be vulnerable to this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2871 to this issue. A bug was found in the way Thunderbird processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Thunderbird if the user views a specially crafted HTML mail containing Unicode sequences. (CAN-2005-2702) A bug was found in the way Thunderbird makes XMLHttp requests. It is possible that a malicious HTML mail could leverage this flaw to exploit other proxy or server flaws from the victim's machine. It is also possible that this flaw could be leveraged to send XMLHttp requests to hosts other than the originator; the default behavior of Thunderbird is to disallow such actions. (CAN-2005-2703) A bug was found in the way Thunderbird implemented its XBL interface. It may be possible for a malicious HTML mail to create an XBL binding in such a way that would allow arbitrary JavaScript execution with chrome permissions. Please note that in Thunderbird 1.0.6 this issue is not directly exploitable and will need to leverage other unknown exploits. (CAN-2005-2704) An integer overflow bug was found in Thunderbird's JavaScript engine. Under favorable conditions, it may be possible for a malicious mail message to execute arbitrary code as the user running Thunderbird. Please note that JavaScript support is disabled by default in Thunderbird. (CAN-2005-2705) A bug was found in the way Thunderbird displays about: pages. It is possible for a malicious HTML mail to open an about: page, such as about:mozilla, in such a way that it becomes possible to execute JavaScript with chrome privileges. (CAN-2005-2706) A bug was found in the way Thunderbird opens new windows. It is possible for a malicious HTML mail to construct a new window without any user interface components, such as the address bar and the status bar. This window could then be used to mislead the user for malicious purposes. (CAN-2005-2707) A bug was found in the way Thunderbird processes URLs passed to it on the command line. If a user passes a malformed URL to Thunderbird, such as clicking on a link in an instant messaging program, it is possible to execute arbitrary commands as the user running Thunderbird. (CAN-2005-2968) Users of Thunderbird are advised to upgrade to this updated package, which contains Thunderbird version 1.0.7 and is not vulnerable to these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 167944 - CAN-2005-2871 Firefox buffer overflow affects thunderbird 168531 - CAN-2005-2701 Multiple Firefox issues (CAN-2005-2702, CAN-2005-2703, CAN-2005-2704, CAN-2005-2705, CAN-2005-2706, CAN-2005-2707) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2005-791.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1089 | |||
Oval ID: | oval:org.mitre.oval:def:1089 | ||
Title: | XMLHttpRequest Header Spoofing Vulnerability | ||
Description: | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2703 | Version: | 3 |
Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11105 | |||
Oval ID: | oval:org.mitre.oval:def:11105 | ||
Title: | Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash. | ||
Description: | Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2968 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1150 | |||
Oval ID: | oval:org.mitre.oval:def:1150 | ||
Title: | Crash on "zero-width non-joiner" Sequence | ||
Description: | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2702 | Version: | 3 |
Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1197 | |||
Oval ID: | oval:org.mitre.oval:def:1197 | ||
Title: | Firefox/Mozilla Suite Chrome Window Spoofing Vulnerability | ||
Description: | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2707 | Version: | 3 |
Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1272 | |||
Oval ID: | oval:org.mitre.oval:def:1272 | ||
Title: | Object Spoofing using XBL <implements> Vulnerability | ||
Description: | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2704 | Version: | 3 |
Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1287 | |||
Oval ID: | oval:org.mitre.oval:def:1287 | ||
Title: | Mozilla IDN heap overrun using soft-hyphens | ||
Description: | Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2871 | Version: | 1 |
Platform(s): | HP-UX 11 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1307 | |||
Oval ID: | oval:org.mitre.oval:def:1307 | ||
Title: | Firefox/Mozilla Suite JavaScript Integer Overflow | ||
Description: | Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2705 | Version: | 3 |
Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1443 | |||
Oval ID: | oval:org.mitre.oval:def:1443 | ||
Title: | Firefox/Mozilla Suite about: Scheme Privilege Escalation Vulnerability | ||
Description: | Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2706 | Version: | 3 |
Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1480 | |||
Oval ID: | oval:org.mitre.oval:def:1480 | ||
Title: | Heap Overrun in XBM Image Processing | ||
Description: | Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2701 | Version: | 3 |
Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:584 | |||
Oval ID: | oval:org.mitre.oval:def:584 | ||
Title: | Mozilla IDN heap overrun using soft-hyphens | ||
Description: | Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2871 | Version: | 3 |
Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9608 | |||
Oval ID: | oval:org.mitre.oval:def:9608 | ||
Title: | Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec. | ||
Description: | Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2871 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5010264.nasl |
2009-05-05 | Name : HP-UX Update for Mozilla remote HPSBUX01133 File : nvt/gb_hp_ux_HPSBUX01133.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200509-11 (mozilla) File : nvt/glsa_200509_11.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox19.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox20.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox21.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 837-1 (mozilla-firefox) File : nvt/deb_837_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 838-1 (mozilla-firefox) File : nvt/deb_838_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 866-1 (mozilla) File : nvt/deb_866_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 868-1 (mozilla-thunderbird) File : nvt/deb_868_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
59850 | Netscape International Domain Name (IDN) URL Domain Name Overflow |
19649 | Mozilla Multiple Browser Chrome Window Spoofing |
19648 | Mozilla Multiple Browsers about: Page Privilege Escalation |
19647 | Mozilla Multiple Browser JavaScript Engine Overflow |
19646 | Mozilla Multiple Browser XBL <implements> Object Spoofing |
19645 | Mozilla Multiple Browser XMLHttpRequest Header Spoofing |
19644 | Mozilla Multiple Browser Unicode zero-width non- joiner Character DoS |
19643 | Mozilla Multiple Browsers XBM Image Processing Overflow |
19589 | Mozilla Products Command Line URL Arbitrary Shell Command Injection |
19255 | Mozilla Multiple Browser International Domain Name (IDN) URL Domain Name Over... |
Snort® IPS/IDS
Date | Description |
---|---|
2020-01-16 | Mozilla Firefox JavaScript engine integer overflow attempt RuleID : 52473 - Revision : 1 - Type : BROWSER-FIREFOX |
2020-01-16 | Mozilla Firefox JavaScript engine integer overflow attempt RuleID : 52472 - Revision : 1 - Type : BROWSER-FIREFOX |
2015-09-03 | Mozilla Firefox JavaScript engine integer overflow attempt RuleID : 35439 - Revision : 5 - Type : BROWSER-FIREFOX |
2015-09-03 | Mozilla Firefox JavaScript engine integer overflow attempt RuleID : 35438 - Revision : 5 - Type : BROWSER-FIREFOX |
2014-11-16 | Mozilla Firefox XBM image processing buffer overflow attempt RuleID : 32133 - Revision : 2 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox Chrome Page Loading Restriction Bypass attempt RuleID : 17629 - Revision : 13 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox Unicode sequence handling stack corruption attempt RuleID : 17434 - Revision : 13 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox XBM image processing buffer overflow attempt RuleID : 17360 - Revision : 13 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox domain name handling buffer overflow attempt RuleID : 17222 - Revision : 10 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox domain name handling buffer overflow attempt RuleID : 17221 - Revision : 9 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox domain name handling buffer overflow attempt RuleID : 17220 - Revision : 9 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox domain name handling buffer overflow attempt RuleID : 17219 - Revision : 12 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox Chrome Page Loading Restriction Bypass attempt RuleID : 17213 - Revision : 9 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox command line URL shell command injection attempt RuleID : 16200 - Revision : 10 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-785.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-791.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-768.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-769.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-789.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8f5dd74b2c6111daa2630001020eed82.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8665ebb9223711da978e0001020eed82.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2e28cefb2aee11daa2630001020eed82.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-200-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-186-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-181-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-174.nasl - Type : ACT_GATHER_INFO |
2005-10-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-868.nasl - Type : ACT_GATHER_INFO |
2005-10-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-866.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-791.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-837.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-838.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_058.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-789.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-785.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-170.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200509-11.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-963.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-962.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-932.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-931.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-927.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-926.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-871.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-872.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-873.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : A web browser on the remote host is affected by multiple vulnerabilities, inc... File : mozilla_1711.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : A web browser on the remote host is prone to multiple flaws, including arbitr... File : mozilla_firefox_106.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-874.nasl - Type : ACT_GATHER_INFO |
2005-09-14 | Name : The remote version of Mozilla Thunderbird suffers from several flaws. File : mozilla_thunderbird_107.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-768.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-769.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:49:42 |
|
2013-05-11 12:23:17 |
|