Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title thunderbird security update
Informations
Name RHSA-2011:0887 First vendor Publication 2011-06-21
Vendor RedHat Last vendor Modification 2011-06-21
Severity (Vendor) Critical Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2377)

Multiple dangling pointer flaws were found in Thunderbird. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363)

Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376)

An integer overflow flaw was found in the way Thunderbird handled JavaScript Array objects. Malicious content could cause Thunderbird to execute JavaScript with the privileges of the user running Thunderbird. (CVE-2011-2371)

A use-after-free flaw was found in the way Thunderbird handled malformed JavaScript. Malicious content could cause Thunderbird to execute JavaScript with the privileges of the user running Thunderbird. (CVE-2011-2373)

It was found that Thunderbird could treat two separate cookies (for web content) as interchangeable if both were for the same domain name but one of those domain names had a trailing "." character. This violates the same-origin policy and could possibly lead to data being leaked to the wrong domain. (CVE-2011-2362)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

714576 - CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376 Mozilla Miscellaneous memory safety hazards (MFSA 2011-19) 714577 - CVE-2011-2373 Mozilla Use-after-free vulnerability when viewing XUL document with script disabled (MFSA 2011-20) 714580 - CVE-2011-2371 Mozilla Integer overflow and arbitrary code execution (MFSA 2011-22) 714581 - CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23) 714583 - CVE-2011-2362 Mozilla Cookie isolation error (MFSA 2011-24) 714929 - CVE-2011-2377 Mozilla Crash caused by corrupted JPEG image (MFSA 2011-21)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2011-0887.html

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-399 Resource Management Errors
12 % CWE-264 Permissions, Privileges, and Access Controls
12 % CWE-189 Numeric Errors (CWE/SANS Top 25)
12 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12781
 
Oval ID: oval:org.mitre.oval:def:12781
Title: DSA-2269-1 iceape -- several
Description: Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-0083 / CVE-2011-2363 "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. CVE-2011-0085 "regenrecht" discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2362 David Chan discovered that cookies were insufficiently isolated. CVE-2011-2371 Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2373 Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2374 Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-2376 Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code. The oldstable distribution is not affected. The iceape package only provides the XPCOM code.
Family: unix Class: patch
Reference(s): DSA-2269-1
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2376
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): iceape
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13034
 
Oval ID: oval:org.mitre.oval:def:13034
Title: DSA-2268-1 iceweasel -- several
Description: Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-0083 / CVE-2011-2363 "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. CVE-2011-0085 "regenrecht" discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2362 David Chan discovered that cookies were insufficiently isolated. CVE-2011-2371 Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2373 Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2374 Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-2376 Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2268-1
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2376
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13318
 
Oval ID: oval:org.mitre.oval:def:13318
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365.
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2364
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13543
 
Oval ID: oval:org.mitre.oval:def:13543
Title: Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
Description: Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0083
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13635
 
Oval ID: oval:org.mitre.oval:def:13635
Title: USN-1150-1 -- thunderbird vulnerabilities
Description: thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities were fixed in Thunderbird.
Family: unix Class: patch
Reference(s): USN-1150-1
CVE-2011-2364
CVE-2011-2365
CVE-2011-2374
CVE-2011-2376
CVE-2011-2373
CVE-2011-2377
CVE-2011-2371
CVE-2011-0083
CVE-2011-0085
CVE-2011-2363
CVE-2011-2362
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13693
 
Oval ID: oval:org.mitre.oval:def:13693
Title: Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.
Description: Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2362
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13872
 
Oval ID: oval:org.mitre.oval:def:13872
Title: Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.
Description: Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2377
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13980
 
Oval ID: oval:org.mitre.oval:def:13980
Title: USN-1149-2 -- firefox regression
Description: firefox: safe and easy web browser from Mozilla Details: USN-1149-1 fixed vulnerabilities in Firefox. Unfortunately, a regression was introduced that prevented cookies from being stored properly when the hostname was a single character. This update fixes the problem. We apologize for the inconvenience. Original advisory In rare instances, Firefox could have trouble accessing some websites.
Family: unix Class: patch
Reference(s): USN-1149-2
CVE-2011-2364
CVE-2011-2365
CVE-2011-2374
CVE-2011-2376
CVE-2011-2373
CVE-2011-2377
CVE-2011-2371
CVE-2011-0083
CVE-2011-0085
CVE-2011-2363
CVE-2011-2362
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 10.04
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13987
 
Oval ID: oval:org.mitre.oval:def:13987
Title: Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
Description: Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2371
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14046
 
Oval ID: oval:org.mitre.oval:def:14046
Title: Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
Description: Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2363
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14071
 
Oval ID: oval:org.mitre.oval:def:14071
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2375
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14123
 
Oval ID: oval:org.mitre.oval:def:14123
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2374
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14152
 
Oval ID: oval:org.mitre.oval:def:14152
Title: USN-1149-1 -- firefox, xulrunner-1.9.2 vulnerabilities
Description: firefox: safe and easy web browser from Mozilla - xulrunner-1.9.2: XUL + XPCOM application runner Multiple Vulnerabilities were fixed in Firefox and Xulrunner
Family: unix Class: patch
Reference(s): USN-1149-1
CVE-2011-2364
CVE-2011-2365
CVE-2011-2374
CVE-2011-2376
CVE-2011-2373
CVE-2011-2377
CVE-2011-2371
CVE-2011-0083
CVE-2011-0085
CVE-2011-2363
CVE-2011-2362
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 10.04
Product(s): firefox
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14178
 
Oval ID: oval:org.mitre.oval:def:14178
Title: Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
Description: Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2373
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14184
 
Oval ID: oval:org.mitre.oval:def:14184
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364.
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2365
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14396
 
Oval ID: oval:org.mitre.oval:def:14396
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2376
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14401
 
Oval ID: oval:org.mitre.oval:def:14401
Title: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Description: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2605
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14432
 
Oval ID: oval:org.mitre.oval:def:14432
Title: Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.
Description: Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0085
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20220
 
Oval ID: oval:org.mitre.oval:def:20220
Title: DSA-2273-3 icedove - multiple issues
Description: Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
Family: unix Class: patch
Reference(s): DSA-2273-3
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2376
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21435
 
Oval ID: oval:org.mitre.oval:def:21435
Title: RHSA-2011:0885: firefox security and bug fix update (Critical)
Description: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family: unix Class: patch
Reference(s): RHSA-2011:0885-01
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2364
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2375
CVE-2011-2376
CVE-2011-2377
CVE-2011-2605
CESA-2011:0885-CentOS 5
Version: 174
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21772
 
Oval ID: oval:org.mitre.oval:def:21772
Title: RHSA-2011:0886: thunderbird security update (Critical)
Description: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family: unix Class: patch
Reference(s): RHSA-2011:0886-01
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2364
CVE-2011-2365
CVE-2011-2374
CVE-2011-2375
CVE-2011-2376
CVE-2011-2377
CVE-2011-2605
Version: 146
Platform(s): Red Hat Enterprise Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22026
 
Oval ID: oval:org.mitre.oval:def:22026
Title: RHSA-2011:0887: thunderbird security update (Critical)
Description: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family: unix Class: patch
Reference(s): RHSA-2011:0887-01
CESA-2011:0887
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2364
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2375
CVE-2011-2376
CVE-2011-2377
CVE-2011-2605
Version: 172
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23271
 
Oval ID: oval:org.mitre.oval:def:23271
Title: ELSA-2011:0887: thunderbird security update (Critical)
Description: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family: unix Class: patch
Reference(s): ELSA-2011:0887-01
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2364
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2375
CVE-2011-2376
CVE-2011-2377
CVE-2011-2605
Version: 57
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23411
 
Oval ID: oval:org.mitre.oval:def:23411
Title: ELSA-2011:0885: firefox security and bug fix update (Critical)
Description: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family: unix Class: patch
Reference(s): ELSA-2011:0885-01
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2364
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2375
CVE-2011-2376
CVE-2011-2377
CVE-2011-2605
Version: 57
Platform(s): Oracle Linux 6
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23741
 
Oval ID: oval:org.mitre.oval:def:23741
Title: ELSA-2011:0886: thunderbird security update (Critical)
Description: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family: unix Class: patch
Reference(s): ELSA-2011:0886-01
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2364
CVE-2011-2365
CVE-2011-2374
CVE-2011-2375
CVE-2011-2376
CVE-2011-2377
CVE-2011-2605
Version: 49
Platform(s): Oracle Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28020
 
Oval ID: oval:org.mitre.oval:def:28020
Title: DEPRECATED: ELSA-2011-0886 -- thunderbird security update (critical)
Description: [3.1.11-1.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.11-2] - Update to 3.1.11
Family: unix Class: patch
Reference(s): ELSA-2011-0886
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2364
CVE-2011-2365
CVE-2011-2374
CVE-2011-2375
CVE-2011-2376
CVE-2011-2377
CVE-2011-2605
Version: 4
Platform(s): Oracle Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28788
 
Oval ID: oval:org.mitre.oval:def:28788
Title: DSA-2273-1 -- icedove -- several vulnerabilities
Description: Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
Family: unix Class: patch
Reference(s): DSA-2273-1
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2376
Version: 3
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): icedove
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 277
Application 59
Application 127

ExploitDB Exploits

id Description
2012-02-27 Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit
2011-10-12 Mozilla Firefox Array.reduceRight() Integer Overflow Exploit

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for firefox CESA-2011:0885 centos4 x86_64
File : nvt/gb_CESA-2011_0885_firefox_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for firefox CESA-2011:0885 centos5 x86_64
File : nvt/gb_CESA-2011_0885_firefox_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for thunderbird CESA-2011:0887 centos4 x86_64
File : nvt/gb_CESA-2011_0887_thunderbird_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for thunderbird CESA-2011:0887 centos5 x86_64
File : nvt/gb_CESA-2011_0887_thunderbird_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for seamonkey CESA-2011:0888 centos4 x86_64
File : nvt/gb_CESA-2011_0888_seamonkey_centos4_x86_64.nasl
2012-06-06 Name : RedHat Update for thunderbird RHSA-2011:0886-01
File : nvt/gb_RHSA-2011_0886-01_thunderbird.nasl
2011-08-18 Name : SuSE Update for MozillaFirefox,MozillaThunderbird SUSE-SA:2011:028
File : nvt/gb_suse_2011_028.nasl
2011-08-18 Name : CentOS Update for firefox CESA-2011:0885 centos4 i386
File : nvt/gb_CESA-2011_0885_firefox_centos4_i386.nasl
2011-08-18 Name : CentOS Update for thunderbird CESA-2011:0887 centos4 i386
File : nvt/gb_CESA-2011_0887_thunderbird_centos4_i386.nasl
2011-08-18 Name : CentOS Update for seamonkey CESA-2011:0888 centos4 i386
File : nvt/gb_CESA-2011_0888_seamonkey_centos4_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2011:0885 centos5 i386
File : nvt/gb_CESA-2011_0885_firefox_centos5_i386.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2011:0887 centos5 i386
File : nvt/gb_CESA-2011_0887_thunderbird_centos5_i386.nasl
2011-08-03 Name : Debian Security Advisory DSA 2269-1 (iceape)
File : nvt/deb_2269_1.nasl
2011-08-03 Name : Debian Security Advisory DSA 2268-1 (iceweasel)
File : nvt/deb_2268_1.nasl
2011-08-03 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox57.nasl
2011-08-03 Name : Debian Security Advisory DSA 2273-1 (icedove)
File : nvt/deb_2273_1.nasl
2011-07-18 Name : Ubuntu Update for thunderbird USN-1150-1
File : nvt/gb_ubuntu_USN_1150_1.nasl
2011-07-08 Name : Ubuntu Update for firefox USN-1149-2
File : nvt/gb_ubuntu_USN_1149_2.nasl
2011-07-07 Name : Mozilla Products Multiple Denial of Service Vulnerabilities July-11 (Windows)
File : nvt/gb_mozilla_prdts_mult_dos_vuln_win_jul11.nasl
2011-07-07 Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 01
File : nvt/gb_mozilla_prdts_mult_vuln_win01_jul11.nasl
2011-07-07 Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 02
File : nvt/gb_mozilla_prdts_mult_vuln_win02_jul11.nasl
2011-07-07 Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 03
File : nvt/gb_mozilla_prdts_mult_vuln_win03_jul11.nasl
2011-07-07 Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 04
File : nvt/gb_mozilla_prdts_mult_vuln_win04_jul11.nasl
2011-07-07 Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln_win_jul11.nasl
2011-06-24 Name : Ubuntu Update for mozvoikko USN-1157-2
File : nvt/gb_ubuntu_USN_1157_2.nasl
2011-06-24 Name : Ubuntu Update for firefox USN-1157-1
File : nvt/gb_ubuntu_USN_1157_1.nasl
2011-06-24 Name : Ubuntu Update for firefox USN-1157-3
File : nvt/gb_ubuntu_USN_1157_3.nasl
2011-06-24 Name : Ubuntu Update for firefox USN-1149-1
File : nvt/gb_ubuntu_USN_1149_1.nasl
2011-06-24 Name : Mandriva Update for mozilla MDVSA-2011:111 (mozilla)
File : nvt/gb_mandriva_MDVSA_2011_111.nasl
2011-06-24 Name : RedHat Update for seamonkey RHSA-2011:0888-01
File : nvt/gb_RHSA-2011_0888-01_seamonkey.nasl
2011-06-24 Name : RedHat Update for thunderbird RHSA-2011:0887-01
File : nvt/gb_RHSA-2011_0887-01_thunderbird.nasl
2011-06-24 Name : RedHat Update for firefox RHSA-2011:0885-01
File : nvt/gb_RHSA-2011_0885-01_firefox.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
74319 Mozilla Multiple Products netwerk/cookie/nsCookieService.cpp nsCookieService:...

73188 Mozilla Multiple Products Trailing Dot Cookie Cross-domain Information Disclo...

73187 Mozilla Multiple Products nsXULCommandDispatcher.cpp Use-after-free Remote Co...

73186 Mozilla Multiple Products nsSVGPointList::AppendElement() Use-after-free Remo...

73185 Mozilla Multiple Products nsSVGPathSegList::ReplaceItem() Use-after-free Remo...

73184 Mozilla Multiple Products Array.reduceRight() Method Overflow

73183 Mozilla Multiple Products multipart/x-mixed-replace Image Handling Memory Cor...

73182 Mozilla Multiple Products XUL Document Handling Use-after-free Arbitrary Code...

73181 Mozilla Multiple Products Unspecified DoS (2011-2365)

73180 Mozilla Multiple Products Unspecified DoS (2011-2364)

73179 Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2376)

73178 Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2375)

73177 Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2374)

Snort® IPS/IDS

Date Description
2014-03-08 Mozilla Array.reduceRight integer overflow attempt
RuleID : 29625 - Revision : 2 - Type : BROWSER-FIREFOX
2014-03-08 Mozilla Array.reduceRight integer overflow attempt
RuleID : 29624 - Revision : 2 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Array.reduceRight integer overflow
RuleID : 24188 - Revision : 4 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Array.reduceRight integer overflow
RuleID : 24187 - Revision : 4 - Type : BROWSER-FIREFOX
2014-01-10 Phoenix exploit kit post-compromise behavior
RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC
2014-01-10 Phoenix exploit kit landing page
RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Mozilla Array.reduceRight integer overflow
RuleID : 19714 - Revision : 5 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Array.reduceRight integer overflow
RuleID : 19713 - Revision : 8 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_mozilla-js192-110622.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaFirefox-110622.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-110627.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_MozillaThunderbird-110628.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0886.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0888.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0887.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0885.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20110621_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20110621_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110621_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110621_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7596.nasl - Type : ACT_GATHER_INFO
2011-08-17 Name : The remote Windows host contains a web browser that may be affected by multip...
File : seamonkey_22.nasl - Type : ACT_GATHER_INFO
2011-08-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0888.nasl - Type : ACT_GATHER_INFO
2011-07-18 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1150-1.nasl - Type : ACT_GATHER_INFO
2011-07-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2273.nasl - Type : ACT_GATHER_INFO
2011-07-05 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2269.nasl - Type : ACT_GATHER_INFO
2011-07-05 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2268.nasl - Type : ACT_GATHER_INFO
2011-07-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7597.nasl - Type : ACT_GATHER_INFO
2011-07-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-110628.nasl - Type : ACT_GATHER_INFO
2011-06-30 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1149-2.nasl - Type : ACT_GATHER_INFO
2011-06-24 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_3_6_18.nasl - Type : ACT_GATHER_INFO
2011-06-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1157-3.nasl - Type : ACT_GATHER_INFO
2011-06-24 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_5_0.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1157-1.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1157-2.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2011-0887.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1149-1.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-111.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0885.nasl - Type : ACT_GATHER_INFO
2011-06-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0888.nasl - Type : ACT_GATHER_INFO
2011-06-22 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-0887.nasl - Type : ACT_GATHER_INFO
2011-06-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0886.nasl - Type : ACT_GATHER_INFO
2011-06-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0885.nasl - Type : ACT_GATHER_INFO
2011-06-21 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_3111.nasl - Type : ACT_GATHER_INFO
2011-06-21 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_50.nasl - Type : ACT_GATHER_INFO
2011-06-21 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3618.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:54:49
  • Multiple Updates