This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing a security update.
Several flaws were found in the way Thunderbird processed certain
code could cause Thunderbird to crash or potentially execute arbitrary
code as the user running Thunderbird. (CVE-2007-2867, CVE-2007-2868)
Several denial of service flaws were found in the way Thunderbird
handled certain form and cookie data. A malicious website that is able
to set arbitrary form and cookie data could prevent Thunderbird from
functioning properly. (CVE-2007-1362, CVE-2007-2869)
A flaw was found in the way Thunderbird processed certain APOP
authentication requests. By sending certain responses when Thunderbird
attempted to authenticate against an APOP server, a remote attacker
could potentially acquire certain portions of a user's authentication
A flaw was found in the way Thunderbird displayed certain web content.
A malicious web page could generate content which could overlay user
interface elements such as the hostname and security indicators,
tricking users into thinking they are visiting a different site.
See also :
Update the affected thunderbird package.
Risk factor :
High / CVSS Base Score : 9.3