Detections
Analytics
RHEL 4 / 5 : thunderbird (RHSA-2009:0002)
medium Nessus Plugin ID 35315
Synopsis
The remote Red Hat host is missing one or more security updates for thunderbird.Description
The remote Redhat Enterprise Linux 4 / 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2009:0002 advisory.Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513)
Several flaws were found in the way malformed content was processed. An HTML mail message containing specially-crafted content could potentially trick a Thunderbird user into surrendering sensitive information.
(CVE-2008-5503, CVE-2008-5506, CVE-2008-5507)
Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled.
A flaw was found in the way malformed URLs were processed by Thunderbird. This flaw could prevent various URL sanitization mechanisms from properly parsing a malicious URL. (CVE-2008-5508)
All Thunderbird users should upgrade to these updated packages, which resolve these issues. All running instances of Thunderbird must be restarted for the update to take effect.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL thunderbird package based on the guidance in RHSA-2009:0002.See Also
http://www.nessus.org/u?df768856
http://www.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=476266
https://bugzilla.redhat.com/show_bug.cgi?id=476267
https://bugzilla.redhat.com/show_bug.cgi?id=476269
https://bugzilla.redhat.com/show_bug.cgi?id=476272
https://bugzilla.redhat.com/show_bug.cgi?id=476278
https://bugzilla.redhat.com/show_bug.cgi?id=476280
https://bugzilla.redhat.com/show_bug.cgi?id=476281
https://bugzilla.redhat.com/show_bug.cgi?id=476285
https://bugzilla.redhat.com/show_bug.cgi?id=476287
Plugin Details
Severity: Medium
ID: 35315
File Name: redhat-RHSA-2009-0002.nasl
Version: 1.28
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 1/8/2009
Updated: 11/4/2024
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
Vendor
Vendor Severity: Moderate
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2008-5500
CVSS v3
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: CVE-2008-5513
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:thunderbird, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:4
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 1/7/2009
Vulnerability Publication Date: 12/17/2008
Reference Information
CVE: CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513
BID: 32882