Executive Summary
Summary | |
---|---|
Title | Thunderbird vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-400-1 | First vendor Publication | 2007-01-04 |
Vendor | Ubuntu | Last vendor Modification | 2007-01-04 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: Ubuntu 6.06 LTS: Ubuntu 6.10: After a standard system upgrade you need to restart Thunderbird to effect the necessary changes. Details follow: Georgi Guninski and David Bienvenu discovered that long Content-Type and RFC2047-encoded headers we vulnerable to heap overflows. By tricking the user into opening a specially crafted email, an attacker could execute arbitrary code with user privileges. (CVE-2006-6506) Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges or bypass internal XSS protections by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503) |
Original Source
Url : http://www.ubuntu.com/usn/USN-400-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-254 | Security Features |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : Solaris Update for Mozilla 1.7 119115-35 File : nvt/gb_solaris_119115_35.nasl |
2009-10-13 | Name : Solaris Update for Mozilla 1.7_x86 119116-35 File : nvt/gb_solaris_119116_35.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDKSA-2007:010 (mozilla-firefox) File : nvt/gb_mandriva_MDKSA_2007_010.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDKSA-2007:011 (mozilla-thunderbird) File : nvt/gb_mandriva_MDKSA_2007_011.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-398-1 File : nvt/gb_ubuntu_USN_398_1.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-398-2 File : nvt/gb_ubuntu_USN_398_2.nasl |
2009-03-23 | Name : Ubuntu Update for firefox regression USN-398-4 File : nvt/gb_ubuntu_USN_398_4.nasl |
2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird vulnerabilities USN-400-1 File : nvt/gb_ubuntu_USN_400_1.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2006-004 File : nvt/gb_fedora_2006_004_thunderbird_fc5.nasl |
2009-01-28 | Name : SuSE Update for mozilla SUSE-SA:2007:006 File : nvt/gb_suse_2007_006.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-02 (mozilla-firefox) File : nvt/glsa_200701_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-03 (mozilla-thunderbird) File : nvt/glsa_200701_03.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-04 (seamonkey) File : nvt/glsa_200701_04.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1253-1 (mozilla-firefox) File : nvt/deb_1253_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1258-1 (mozilla-firefox) File : nvt/deb_1258_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1265-1 (mozilla) File : nvt/deb_1265_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
31350 | Mozilla Multiple Products rfc2047-encoded Header Handling Overflow |
31349 | Mozilla Multiple Products Content-Type Header Processing Overflow |
31348 | Mozilla Multiple Products Layout Engine Memory Corruption |
31347 | Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption |
31346 | Mozilla Multiple Products CPU FPP Reduction js_dtoa() Memory Corruption |
31344 | Mozilla Multiple Products JavaScript watch() Function Privilege Escalation |
31343 | Mozilla Multiple Products LiveConnect JS Object Finalization DoS |
31342 | Mozilla Multiple Products img.src javascript: URI XSS |
31340 | Mozilla Firefox RSS Feed-preview Referrer Leak |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt RuleID : 20667 - Revision : 9 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt RuleID : 20666 - Revision : 6 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0760.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0759.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0758.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-2423.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-400-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-398-4.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-398-2.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-398-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-2418.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-2421.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-2432.nasl - Type : ACT_GATHER_INFO |
2007-03-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1265.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris9_120671.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris8_120671.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-010.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-011.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1258.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1253.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-004.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1491.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing one or more security updates. File : fedora_2006-1492.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1499.nasl - Type : ACT_GATHER_INFO |
2007-01-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200701-04.nasl - Type : ACT_GATHER_INFO |
2007-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200701-03.nasl - Type : ACT_GATHER_INFO |
2007-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200701-02.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0758.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0760.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0759.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0760.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0759.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0758.nasl - Type : ACT_GATHER_INFO |
2006-12-20 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_107.nasl - Type : ACT_GATHER_INFO |
2006-12-20 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_1509.nasl - Type : ACT_GATHER_INFO |
2006-12-20 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1509.nasl - Type : ACT_GATHER_INFO |
2006-12-06 | Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris8_x86_120672.nasl - Type : ACT_GATHER_INFO |
2006-12-06 | Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris9_x86_120672.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119116-35 File : solaris10_x86_119116.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119115-36 File : solaris10_119115.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:04:03 |
|
2013-05-11 12:25:44 |
|