oval:org.mitre.oval:def:28336
| Definition Id: oval:org.mitre.oval:def:28336 | |||
| Oval ID: | oval:org.mitre.oval:def:28336 | ||
| Title: | USN-2428-1 -- Thunderbird vulnerabilities | ||
| Description: | Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1587">CVE-2014-1587</a>) Joe Vennix discovered a crash when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1590">CVE-2014-1590</a>) Berend-Jan Wever discovered a use-after-free during HTML parsing. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1592">CVE-2014-1592</a>) Abhishek Arya discovered a buffer overflow when parsing media content. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1593">CVE-2014-1593</a>) Byoungyoung Lee, Chengyu Song, and Taesoo Kim discovered a bad cast in the compositor. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause undefined behaviour, a denial of service via application crash or execute abitrary code with the privileges of the user invoking Thunderbird. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1594">CVE-2014-1594</a>) | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2428-1 CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 | Version: | 5 |
| Platform(s): | Ubuntu 14.10 Ubuntu 14.04 Ubuntu 12.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24421 | |||
| Oval ID: | oval:org.mitre.oval:def:24421 | ||
| Title: | Ubuntu 14.04 is installed | ||
| Description: | Ubuntu 14.04 is installed | ||
| Family: | unix | Class: | inventory |
| Reference(s): | cpe:/o:canonical:ubuntu_linux:14.04 | Version: | 5 |
| Platform(s): | Ubuntu 14.04 | Product(s): | |
| Definition Synopsis: | |||
| Referenced By: | |||
| oval:org.mitre.oval:def:28336 | |||
| Definition Id: oval:org.mitre.oval:def:27174 | |||
| Oval ID: | oval:org.mitre.oval:def:27174 | ||
| Title: | Ubuntu 14.10 is installed | ||
| Description: | Ubuntu 14.10 is installed | ||
| Family: | unix | Class: | inventory |
| Reference(s): | cpe:/o:canonical:ubuntu_linux:14.10 | Version: | 5 |
| Platform(s): | Ubuntu 14.10 | Product(s): | |
| Definition Synopsis: | |||
| Referenced By: | |||
| oval:org.mitre.oval:def:28336 | |||
| Definition Id: oval:org.mitre.oval:def:15824 | |||
| Oval ID: | oval:org.mitre.oval:def:15824 | ||
| Title: | Ubuntu 12.04 is installed | ||
| Description: | Ubuntu 12.04 is installed | ||
| Family: | unix | Class: | inventory |
| Reference(s): | cpe:/o:canonical:ubuntu_linux:12.04 | Version: | 5 |
| Platform(s): | Ubuntu 12.04 | Product(s): | |
| Definition Synopsis: | |||
| Referenced By: | |||
| oval:org.mitre.oval:def:28336 | |||
