Fedora 9 : thunderbird-2.0.0.21-1.fc9 (2009-2884)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

Several flaws were found in the processing of malformed HTML mail
content. An HTML mail message containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code as the
user running Thunderbird. (CVE-2009-0040, CVE-2009-0352,
CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775)

Several flaws were found in the way malformed content was processed.
An HTML mail message containing specially crafted content could
potentially trick a Thunderbird user into surrendering sensitive
information. (CVE-2009-0355, CVE-2009-0776)

Note: JavaScript support is disabled by default in Thunderbird. None
of the above issues are exploitable unless JavaScript is enabled.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=483139
https://bugzilla.redhat.com/show_bug.cgi?id=483141
https://bugzilla.redhat.com/show_bug.cgi?id=483143
https://bugzilla.redhat.com/show_bug.cgi?id=486355
https://bugzilla.redhat.com/show_bug.cgi?id=488273
https://bugzilla.redhat.com/show_bug.cgi?id=488283
https://bugzilla.redhat.com/show_bug.cgi?id=488287
https://bugzilla.redhat.com/show_bug.cgi?id=488290
http://www.nessus.org/u?8ce5a8e3

Solution :

Update the affected thunderbird package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 35984 (fedora_2009-2884.nasl)

Bugtraq ID: 33598
33827
33990

CVE ID: CVE-2009-0040
CVE-2009-0352
CVE-2009-0353
CVE-2009-0355
CVE-2009-0772
CVE-2009-0774
CVE-2009-0775
CVE-2009-0776
