Detections
Analytics
GLSA-200711-24 : Mozilla Thunderbird: Multiple vulnerabilities
medium Nessus Plugin ID 28263
Synopsis
The remote Gentoo host is missing one or more security-related patches.Description
The remote host is affected by the vulnerability described in GLSA-200711-24 (Mozilla Thunderbird: Multiple vulnerabilities)Multiple vulnerabilities have been reported in Mozilla Thunderbird's HTML browser engine (CVE-2007-5339) and JavaScript engine (CVE-2007-5340) that can be exploited to cause a memory corruption.
Impact :
A remote attacker could entice a user to read a specially crafted email that could trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code.
Workaround :
There is no known workaround at this time for all of these issues, but some of them can be avoided by disabling JavaScript.
Solution
All Mozilla Thunderbird users should upgrade to the latest version:# emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-2.0.0.9' All Mozilla Thunderbird binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-bin-2.0.0.9'
See Also
Plugin Details
Severity: Medium
ID: 28263
File Name: gentoo_GLSA-200711-24.nasl
Version: 1.19
Type: local
Family: Gentoo Local Security Checks
Published: 11/20/2007
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: cpe:/o:gentoo:linux, p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin, p-cpe:/a:gentoo:linux:mozilla-thunderbird
Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list
Exploit Ease: No known exploits are available
Patch Publication Date: 11/18/2007
Reference Information
CVE: CVE-2007-5339, CVE-2007-5340
BID: 26132
CWE: 20
GLSA: 200711-24