Ubuntu 6.06 LTS / 6.10 / 7.04 : mozilla-thunderbird vulnerabilities (USN-503-1)

Ubuntu Security Notice (C) 2007-2013 Canonical, Inc. / NASL script (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious email, an attacker could
execute arbitrary code with the user's privileges. Please note that
JavaScript is disabled by default for emails, and it is not
recommended to enable it. (CVE-2007-3734, CVE-2007-3735,
CVE-2007-3844)

Jesper Johansson discovered that spaces and double-quotes were not
correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious email,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3670, CVE-2007-3845).

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 28107 ()

Bugtraq ID:

CVE ID: CVE-2007-3670
CVE-2007-3734
CVE-2007-3735
CVE-2007-3844
CVE-2007-3845