Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:052)

high Nessus Plugin ID 21004

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier allows user-complicit attackers to bypass JavaScript security settings and obtain sensitive information or cause a crash via an e-mail containing a JavaScript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

Updated packages have been patched to address this issue.

Solution

Update the affected mozilla-thunderbird, mozilla-thunderbird-enigmail and / or mozilla-thunderbird-enigmime packages.

Plugin Details

Severity: High

ID: 21004

File Name: mandrake_MDKSA-2006-052.nasl

Version: 1.17

Type: local

Family: Mandriva Local Security Checks

Published: 3/6/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:mozilla-thunderbird, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmime, cpe:/o:mandriva:linux:2006

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 3/2/2006

Reference Information

CVE: CVE-2006-0884

CWE: 20

MDKSA: 2006:052

Detections

Analytics