This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing a security update.
A cross-site scripting flaw was found in the way Thunderbird handled
the jar: URI scheme. It may be possible for a malicious HTML mail
message to leverage this flaw, and conduct a cross-site scripting
attack against a user running Thunderbird. (CVE-2007-5947)
Several flaws were found in the way Thunderbird processed certain
malformed HTML mail content. A HTML mail message containing malicious
content could cause Thunderbird to crash, or potentially execute
arbitrary code as the user running Thunderbird. (CVE-2007-5959)
A race condition existed when Thunderbird set the 'window.location'
property when displaying HTML mail content. This flaw could allow a
HTML mail message to set an arbitrary Referer header, which may lead
to a Cross-site Request Forgery (CSRF) attack against websites that
rely only on the Referer header for protection. (CVE-2007-5960)
See also :
Update the affected thunderbird package.
Risk factor :
High / CVSS Base Score : 9.3
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60338 ()
CVE ID: CVE-2007-5947CVE-2007-5959CVE-2007-5960
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.