GLSA-200507-17 : Mozilla Thunderbird: Multiple vulnerabilities

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200507-17
(Mozilla Thunderbird: Multiple vulnerabilities)

The following vulnerabilities were found and fixed in Mozilla

'moz_bug_r_a4' and 'shutdown' discovered that Thunderbird was
improperly cloning base objects (MFSA

'moz_bug_r_a4' also reported that Thunderbird was overly trusting
contents, allowing privilege escalation via property overrides
(MFSA 2005-41, 2005-44), that it failed to validate XHTML DOM nodes
properly (MFSA 2005-55), and that XBL scripts ran even when
JavaScript is disabled (MFSA 2005-46).

'shutdown' discovered a possibly exploitable crash in
InstallVersion.compareTo (MFSA

Andreas Sandblad from Secunia reported that a child frame can call
top.focus() even if the framing page comes from a different origin
and has overridden the focus() routine (MFSA

Georgi Guninski reported missing Install object instance checks in
the native implementations of XPInstall-related JavaScript objects
(MFSA 2005-40).

Finally, Vladimir V. Perepelitsa discovered a memory disclosure bug
in JavaScript's regular expression string replacement when using an
anonymous function as the replacement argument (CAN-2005-0989 and
MFSA 2005-33).

Impact :

A remote attacker could craft malicious email messages that would
leverage these issues to inject and execute arbitrary script code with
elevated privileges or help in stealing information.

Workaround :

There are no known workarounds for all the issues at this time.

Solution :

All Mozilla Thunderbird users should upgrade to the latest

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-1.0.5'

All Mozilla Thunderbird binary users should upgrade to the
latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-bin-1.0.5'

Risk factor :

Medium / CVSS Base Score : 5.0

Family: Gentoo Local Security Checks

Nessus Plugin ID: 19222 (gentoo_GLSA-200507-17.nasl)

CVE ID: CVE-2005-0989
