oval:org.mitre.oval:def:14001
Definition Id: oval:org.mitre.oval:def:14001 | |||
Oval ID: | oval:org.mitre.oval:def:14001 | ||
Title: | USN-782-1 -- thunderbird vulnerabilities | ||
Description: | Several flaws were discovered in the JavaScript engine of Thunderbird. If a user had JavaScript enabled and were tricked into viewing malicious web content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the way Thunderbird processed malformed URI schemes. If a user were tricked into viewing a malicious website and had JavaScript and plugins enabled, a remote attacker could execute arbitrary JavaScript or steal private data. Cefn Hoile discovered Thunderbird did not adequately protect against embedded third-party stylesheets. If JavaScript were enabled, an attacker could exploit this to perform script injection attacks using XBL bindings. Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that Thunderbird did not properly handle error responses when connecting to a proxy server. If a user had JavaScript enabled while using Thunderbird to view websites and a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. It was discovered that Thunderbird could be made to run scripts with elevated privileges. If a user had JavaScript enabled while having certain non-default add-ons installed and were tricked into viewing a malicious website, an attacker could cause a chrome privileged object, such as the browser sidebar, to run arbitrary code via interactions with the attacker controlled website | ||
Family: | unix | Class: | patch |
Reference(s): | USN-782-1 CVE-2009-1303 CVE-2009-1305 CVE-2009-1392 CVE-2009-1833 CVE-2009-1838 CVE-2009-1306 CVE-2009-1307 CVE-2009-1309 CVE-2009-1308 CVE-2009-1836 CVE-2009-1841 | Version: | 5 |
Platform(s): | Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13250 | |||
Oval ID: | oval:org.mitre.oval:def:13250 | ||
Title: | Ubuntu 8.04 is installed | ||
Description: | Ubuntu 8.04 is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:ubuntu:ubuntu_linux:8.04 | Version: | 3 |
Platform(s): | Ubuntu 8.04 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:14001 |
Definition Id: oval:org.mitre.oval:def:13306 | |||
Oval ID: | oval:org.mitre.oval:def:13306 | ||
Title: | Ubuntu 8.10 is installed | ||
Description: | Ubuntu 8.10 is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:ubuntu:ubuntu_linux:8.10 | Version: | 3 |
Platform(s): | Ubuntu 8.10 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:14001 |
Definition Id: oval:org.mitre.oval:def:12669 | |||
Oval ID: | oval:org.mitre.oval:def:12669 | ||
Title: | Ubuntu 9.04 is installed | ||
Description: | Ubuntu 9.04 is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:canonical:ubuntu_linux:9.04 | Version: | 5 |
Platform(s): | Ubuntu 9.04 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:14001 |