Ubuntu Security Notice (C) 2009-2013 Canonical, Inc. / NASL script (C) 2009-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
malicious web content, a remote attacker could cause a denial of
service or possibly execute arbitrary code with the privileges of the
user invoking the program. (CVE-2009-1303, CVE-2009-1305,
CVE-2009-1392, CVE-2009-1833, CVE-2009-1838)
Several flaws were discovered in the way Thunderbird processed
malformed URI schemes. If a user were tricked into viewing a malicious
(CVE-2009-1306, CVE-2009-1307, CVE-2009-1309)
Cefn Hoile discovered Thunderbird did not adequately protect against
attacker could exploit this to perform script injection attacks using
XBL bindings. (CVE-2009-1308)
Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that
Thunderbird did not properly handle error responses when connecting to
Thunderbird to view websites and a remote attacker were able to
perform a man-in-the-middle attack, this flaw could be exploited to
view sensitive information. (CVE-2009-1836)
It was discovered that Thunderbird could be made to run scripts with
certain non-default add-ons installed and were tricked into viewing a
malicious website, an attacker could cause a chrome privileged object,
such as the browser sidebar, to run arbitrary code via interactions
with the attacker controlled website. (CVE-2009-1841).
Update the affected packages.
Risk factor :
High / CVSS Base Score : 9.3