| nessus
via4
|
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-350-1.NASL | | description | This update upgrades Thunderbird from 1.0.8 to 1.5.0.7. This step was
necessary since the 1.0.x series is not supported by upstream any
more.
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious email containing JavaScript. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable
it. (CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805,
CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3810,
CVE-2006-3811, CVE-2006-3812, CVE-2006-4253, CVE-2006-4565,
CVE-2006-4566, CVE-2006-4571)
A buffer overflow has been discovered in the handling of .vcard files.
By tricking a user into importing a malicious vcard into his contacts,
this could be exploited to execute arbitrary code with the user's
privileges. (CVE-2006-3804)
The NSS library did not sufficiently check the padding of PKCS #1 v1.5
signatures if the exponent of the public key is 3 (which is widely
used for CAs). This could be exploited to forge valid signatures
without the need of the secret key. (CVE-2006-4340)
Jon Oberheide reported a way how a remote attacker could trick users
into downloading arbitrary extensions with circumventing the normal
SSL certificate check. The attacker would have to be in a position to
spoof the victim's DNS, causing them to connect to sites of the
attacker's choosing rather than the sites intended by the victim. If
they gained that control and the victim accepted the attacker's cert
for the Mozilla update site, then the next update check could be
hijacked and redirected to the attacker's site without detection.
(CVE-2006-4567)
Georgi Guninski discovered that even with JavaScript disabled, a
malicous email could still execute JavaScript when the message is
viewed, replied to, or forwarded by putting the script in a remote XBL
file loaded by the message. (CVE-2006-4570)
The 'enigmail' plugin and the translation packages have been updated
to work with the new Thunderbird version.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-08-06 | | plugin id | 27930 | | published | 2007-11-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=27930 | | title | Ubuntu 5.10 : mozilla-thunderbird vulnerabilities (USN-350-1) |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRAKE_MDKSA-2006-146.NASL | | description | A number of security vulnerabilities have been discovered and
corrected in the latest Mozilla Thunderbird program.
Corporate 3 had contained the Mozilla suite however, due to the
support cycle for Mozilla, it was felt that upgrading Mozilla to
Firefox and Thunderbird would allow for better future support for
Corporate 3 users. To that end, the latest Thunderbird is being
provided for Corporate 3 users which fix all known vulnerabilities up
to version 1.5.0.5, as well as providing new and enhanced features.
Corporate users who were using Mozilla for mail may need to explicitly
install the new mozilla-thunderbird packages.
For 2006 users, no explicit installs are necessary.
The following CVE names have been corrected with this update:
CVE-2006-2775, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779,
CVE-2006-2780, CVE-2006-2781, CVE-2006-2783, CVE-2006-2787,
CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807,
CVE-2006-3113, CVE-2006-3802, CVE-2006-3805, CVE-2006-3809,
CVE-2006-3810, CVE-2006-3811, CVE-2006-3812. | | last seen | 2019-01-16 | | modified | 2018-11-15 | | plugin id | 23894 | | published | 2006-12-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=23894 | | title | Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:146) |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS10_119115.NASL | | description | Mozilla 1.7 patch.
Date this patch was last updated by Sun : Sep/13/14
This plugin has been deprecated and either replaced with individual
119115 patch-revision plugins, or deemed non-security related. | | last seen | 2019-01-16 | | modified | 2018-07-30 | | plugin id | 22954 | | published | 2006-11-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=22954 | | title | Solaris 10 (sparc) : 119115-36 (deprecated) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-327-1.NASL | | description | Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious URL. (CVE-2006-3113, CVE-2006-3677, CVE-2006-3801,
CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807,
CVE-2006-3809, CVE-2006-3811, CVE-2006-3812)
cross-site scripting vulnerabilities were found in the
XPCNativeWrapper() function and native DOM method handlers. A
malicious website could exploit these to modify the contents or steal
confidential data (such as passwords) from other opened web pages.
(CVE-2006-3802, CVE-2006-3810)
A bug was found in the script handler for automatic proxy
configuration. A malicious proxy could send scripts which could
execute arbitrary code with the user's privileges. (CVE-2006-3808)
Please see
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Fi
refox
for technical details of these vulnerabilities.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-12-01 | | plugin id | 27905 | | published | 2007-11-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=27905 | | title | Ubuntu 6.06 LTS : firefox vulnerabilities (USN-327-1) |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS10_X86_119116.NASL | | description | Mozilla 1.7_x86 patch.
Date this patch was last updated by Sun : Aug/05/09
This plugin has been deprecated and either replaced with individual
119116 patch-revision plugins, or deemed non-security related. | | last seen | 2019-01-16 | | modified | 2018-07-30 | | plugin id | 22987 | | published | 2006-11-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=22987 | | title | Solaris 10 (x86) : 119116-35 (deprecated) |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRAKE_MDKSA-2006-143.NASL | | description | A number of security vulnerabilities have been discovered and
corrected in the latest Mozilla Firefox program.
Previous updates to Firefox were patch fixes to Firefox 1.0.6 that
brought it in sync with 1.0.8 in terms of security fixes. In this
update, Mozilla Firefox 1.5.0.6 is being provided which corrects a
number of vulnerabilities that were previously unpatched, as well as
providing new and enhanced features.
The following CVE names have been corrected with this update:
CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776,
CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780,
CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785,
CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677,
CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807,
CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805,
CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811,
CVE-2006-3812.
Update :
The previous language packages were not correctly tagged for the new
Firefox which resulted in many of them not loading properly. These
updated language packages correct the problem. | | last seen | 2019-01-16 | | modified | 2018-11-15 | | plugin id | 23892 | | published | 2006-12-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=23892 | | title | Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:143-1) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-329-1.NASL | | description | Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious email containing JavaScript. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable
it. (CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805,
CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3810,
CVE-2006-3811, CVE-2006-3812)
A buffer overflow has been discovered in the handling of .vcard files.
By tricking a user into importing a malicious vcard into his contacts,
this could be exploited to execute arbitrary code with the user's
privileges. (CVE-2006-3084)
The 'enigmail' plugin has been updated to work with the new
Thunderbird version.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-12-01 | | plugin id | 27908 | | published | 2007-11-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=27908 | | title | Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-329-1) |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS8_X86_120672.NASL | | description | Mozilla 1.7_x86 for Solaris 8 and 9.
Date this patch was last updated by Sun : Sep/02/08 | | last seen | 2018-09-02 | | modified | 2016-12-09 | | plugin id | 23772 | | published | 2006-12-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=23772 | | title | Solaris 8 (x86) : 120672-08 |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-361-1.NASL | | description | Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious URL. (CVE-2006-2788, CVE-2006-3805, CVE-2006-3806,
CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565,
CVE-2006-4568, CVE-2006-4571)
A bug was found in the script handler for automatic proxy
configuration. A malicious proxy could send scripts which could
execute arbitrary code with the user's privileges. (CVE-2006-3808)
The NSS library did not sufficiently check the padding of PKCS #1 v1.5
signatures if the exponent of the public key is 3 (which is widely
used for CAs). This could be exploited to forge valid signatures
without the need of the secret key. (CVE-2006-4340)
Georgi Guninski discovered that even with JavaScript disabled, a
malicous email could still execute JavaScript when the message is
viewed, replied to, or forwarded by putting the script in a remote XBL
file loaded by the message. (CVE-2006-4570).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-08-06 | | plugin id | 27941 | | published | 2007-11-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=27941 | | title | Ubuntu 5.04 / 5.10 : mozilla vulnerabilities (USN-361-1) |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS9_X86_120672.NASL | | description | Mozilla 1.7_x86 for Solaris 8 and 9.
Date this patch was last updated by Sun : Sep/02/08 | | last seen | 2018-09-01 | | modified | 2016-12-09 | | plugin id | 23773 | | published | 2006-12-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=23773 | | title | Solaris 9 (x86) : 120672-08 |
|
