Executive Summary
Summary | |
---|---|
Title | thunderbird security update |
Informations | |||
---|---|---|---|
Name | RHSA-2005:094 | First vendor Publication | 2005-02-15 |
Vendor | RedHat | Last vendor Modification | 2005-02-15 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated Thunderbird package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird handled cookies when loading content over HTTP regardless of the user's preference. It is possible that a particular user could be tracked through the use of malicious mail messages which load content over HTTP. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0149 to this issue. Users of Thunderbird are advised to upgrade to this updated package, which contains Thunderbird version 1.0 and is not vulnerable to this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 146315 - CAN-2005-0149 Mail responds to cookie requests |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2005-094.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:100047 | |||
Oval ID: | oval:org.mitre.oval:def:100047 | ||
Title: | Mozilla Mail News Cookie Security Bypass Vulnerability | ||
Description: | Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers bypass the user's intended privacy and security policy by using cookies in e-mail messages. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0149 | Version: | 5 |
Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
13339 | Mozilla Multiple Products network.cookie.disableCookieForMailNews Email Secur... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-249.nasl - Type : ACT_GATHER_INFO |
2005-05-19 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-248.nasl - Type : ACT_GATHER_INFO |
2005-03-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-323.nasl - Type : ACT_GATHER_INFO |
2005-03-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-335.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-094.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:49:00 |
|