Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:126)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities has been found and corrected in
mozilla-thunderbird :

Unspecified vulnerability in Mozilla Firefox 3 allows remote attackers
to execute arbitrary code via unknown vectors that trigger memory
corruption, as demonstrated by Nils during a Pwn2Own competition at
CanSecWest 2010 (CVE-2010-1121).

Integer overflow in the nsGenericDOMDataNode::SetTextInternal function
in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4,
Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote
attackers to execute arbitrary code via a DOM node with a long text
value that triggers a heap-based buffer overflow (CVE-2010-1196).

Integer overflow in the XSLT node sorting implementation in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before
3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute
arbitrary code via a large text value for a node (CVE-2010-1199).

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before
3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a
denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors (CVE-2010-1200).

Multiple unspecified vulnerabilities in the JavaScript engine in
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4,
Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors (CVE-2010-1202).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=4
90

Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

See also :

http://www.nessus.org/u?56d85a04

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 47133 (mandriva_MDVSA-2010-126.nasl)

Bugtraq ID:

CVE ID: CVE-2010-1121
CVE-2010-1196
CVE-2010-1199
CVE-2010-1200
CVE-2010-1202

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now