Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1050-1.NASL
HistoryMar 03, 2011 - 12:00 a.m.

Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-1050-1)

2011-03-0300:00:00
Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
JSON

Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2011-0053, CVE-2011-0062)

Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privlieges.
(CVE-2010-1585)

Jordi Chancel discovered a buffer overlow in the JPEG decoding engine.
An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2011-0061).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1050-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(52527);
  script_version("1.13");
  script_cvs_date("Date: 2019/09/19 12:54:26");

  script_cve_id("CVE-2010-1585", "CVE-2011-0053", "CVE-2011-0061", "CVE-2011-0062");
  script_bugtraq_id(46368, 46645, 46647, 46651);
  script_xref(name:"USN", value:"1050-1");

  script_name(english:"Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-1050-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden,
Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous
discovered several memory issues in the browser engine. An attacker
could exploit these to crash the browser or possibly run arbitrary
code as the user invoking the program. (CVE-2011-0053, CVE-2011-0062)

Roberto Suggi Liverani discovered a possible issue with unsafe
JavaScript execution in chrome documents. A malicious extension could
exploit this to execute arbitrary code with chrome privlieges.
(CVE-2010-1585)

Jordi Chancel discovered a buffer overlow in the JPEG decoding engine.
An attacker could exploit this to crash the browser or possibly run
arbitrary code as the user invoking the program. (CVE-2011-0061).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1050-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support-dbg");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/04/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"thunderbird", pkgver:"3.1.8+build3+nobinonly-0ubuntu0.10.04.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"thunderbird-dbg", pkgver:"3.1.8+build3+nobinonly-0ubuntu0.10.04.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"thunderbird-dev", pkgver:"3.1.8+build3+nobinonly-0ubuntu0.10.04.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"thunderbird-gnome-support", pkgver:"3.1.8+build3+nobinonly-0ubuntu0.10.04.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"thunderbird-gnome-support-dbg", pkgver:"3.1.8+build3+nobinonly-0ubuntu0.10.04.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"thunderbird", pkgver:"3.1.8+build3+nobinonly-0ubuntu0.10.10.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"thunderbird-dbg", pkgver:"3.1.8+build3+nobinonly-0ubuntu0.10.10.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"thunderbird-dev", pkgver:"3.1.8+build3+nobinonly-0ubuntu0.10.10.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"thunderbird-gnome-support", pkgver:"3.1.8+build3+nobinonly-0ubuntu0.10.10.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"thunderbird-gnome-support-dbg", pkgver:"3.1.8+build3+nobinonly-0ubuntu0.10.10.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird / thunderbird-dbg / thunderbird-dev / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxthunderbirdp-cpe:/a:canonical:ubuntu_linux:thunderbird
canonicalubuntu_linuxthunderbird-dbgp-cpe:/a:canonical:ubuntu_linux:thunderbird-dbg
canonicalubuntu_linuxthunderbird-devp-cpe:/a:canonical:ubuntu_linux:thunderbird-dev
canonicalubuntu_linuxthunderbird-gnome-supportp-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support
canonicalubuntu_linuxthunderbird-gnome-support-dbgp-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support-dbg
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04:-:lts
canonicalubuntu_linux10.10cpe:/o:canonical:ubuntu_linux:10.10

Related

openvas 46
nessus 48
redhat 4
ubuntu 4
oraclelinux 4
securityvulns 4
mozilla 3
freebsd 1
centos 3
suse 2
ubuntucve 4
prion 4
cve 4
veracode 4
cvelist 4
seebug 1
osv 3
debian 4
gentoo 1
openvas
openvas
Mandriva Update for mozilla-thunderbird MDVSA-2011:042 (mozilla-thunderbird)
2011-03-15 00:00:00
RedHat Update for thunderbird RHSA-2011:0311-01
2012-07-09 00:00:00
RedHat Update for thunderbird RHSA-2011:0311-01
2012-07-09 00:00:00
nessus
nessus
RHEL 6 : thunderbird (RHSA-2011:0311)
2011-03-02 00:00:00
Mozilla Thunderbird 3.1 < 3.1.8 Multiple Vulnerabilities
2011-03-03 00:00:00
Oracle Linux 6 : thunderbird (ELSA-2011-0311)
2013-07-12 00:00:00
redhat
redhat
(RHSA-2011:0311) Critical: thunderbird security update
2011-03-01 00:00:00
(RHSA-2011:0310) Critical: firefox security and bug fix update
2011-03-01 00:00:00
(RHSA-2011:0312) Moderate: thunderbird security update
2011-03-01 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2011-03-03 00:00:00
Firefox and Xulrunner regression
2011-03-07 00:00:00
Firefox and Xulrunner vulnerabilities
2011-03-03 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2011-03-02 00:00:00
firefox security and bug fix update
2011-03-02 00:00:00
thunderbird security update
2011-03-02 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2011-01
2011-03-03 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2011-03-03 00:00:00
Mozilla Foundation Security Advisory 2011-08
2011-03-03 00:00:00
mozilla
mozilla
Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17) — Mozilla
2011-03-01 00:00:00
Crash caused by corrupted JPEG image — Mozilla
2011-03-01 00:00:00
ParanoidFragmentSink allows javascript: URLs in chrome documents — Mozilla
2011-03-01 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2011-03-01 00:00:00
centos
centos
firefox security update
2011-03-03 05:18:19
thunderbird security update
2011-03-03 05:17:10
seamonkey security update
2011-03-03 05:16:12
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2011-03-15 12:02:21
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
ubuntucve
ubuntucve
CVE-2011-0061
2011-03-02 00:00:00
CVE-2010-1585
2010-04-28 00:00:00
CVE-2011-0062
2011-03-02 00:00:00
prion
prion
Buffer overflow
2011-03-02 20:00:00
Design/Logic Flaw
2010-04-28 22:30:00
Memory corruption
2011-03-02 20:00:00
cve
cve
CVE-2011-0061
2011-03-02 20:00:00
CVE-2011-0062
2011-03-02 20:00:00
CVE-2010-1585
2010-04-28 22:30:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:54:15
Arbitrary Code Execution
2020-04-10 00:54:23
Arbitrary Code Execution
2020-04-10 00:54:24
cvelist
cvelist
CVE-2011-0061
2011-03-02 19:00:00
CVE-2011-0062
2011-03-02 19:00:00
CVE-2010-1585
2010-04-28 22:00:00
seebug
seebug
Mozilla Firefox/Thunderbird/SeaMonkey MFSA多个安全漏洞
2011-03-03 00:00:00
osv
osv
iceweasel - several
2011-03-09 00:00:00
icedove - several
2011-03-09 00:00:00
iceape - several
2011-03-03 00:00:00
debian
debian
[BSA-027] Security Update for iceweasel
2011-03-17 10:44:52
[SECURITY] [DSA 2180-1] iceape security update
2011-03-03 22:12:16
[SECURITY] [DSA 2186-1] iceweasel security update
2011-03-10 09:34:44
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
JSON
Related for UBUNTU_USN-1050-1.NASL
openvas46nessus48redhat4ubuntu4oraclelinux4securityvulns4mozilla3freebsd1centos3suse2ubuntucve4prion4cve4veracode4cvelist4seebug1osv3debian4gentoo1