Ubuntu: Security Advisory (USN-582-2)

Published: 23 Mar 2009 00:00:00
Reported by: Copyright (C) 2009 Greenbone AG
Type: openvas
Source: plugins.openvas.org

The remote host is missing an update for the 'mozilla-thunderbird' package(s) announced via the USN-582-2 advisory. The update corrects incomplete upstream fixes that caused Thunderbird to crash due to memory errors, and addresses various vulnerabilities in Thunderbird and its JavaScript engine.

# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.840287");
  script_cve_id("CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0418", "CVE-2008-0420");
  script_tag(name:"creation_date", value:"2009-03-23 09:59:50 +0000 (Mon, 23 Mar 2009)");
  script_version("2024-02-02T05:06:04+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:04 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");

  script_name("Ubuntu: Security Advisory (USN-582-2)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone AG");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(6\.06\ LTS|6\.10|7\.04)");

  script_xref(name:"Advisory-ID", value:"USN-582-2");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-582-2");
  script_xref(name:"URL", value:"https://launchpad.net/bugs/197504");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'mozilla-thunderbird' package(s) announced via the USN-582-2 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"USN-582-1 fixed several vulnerabilities in Thunderbird. The upstream
fixes were incomplete, and after performing certain actions Thunderbird
would crash due to memory errors. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that Thunderbird did not properly set the size of a
 buffer when parsing an external-body MIME-type. If a user were to open
 a specially crafted email, an attacker could cause a denial of service
 via application crash or possibly execute arbitrary code as the user.
 (CVE-2008-0304)

 Various flaws were discovered in Thunderbird and its JavaScript
 engine. By tricking a user into opening a malicious message, an
 attacker could execute arbitrary code with the user's privileges.
 (CVE-2008-0412, CVE-2008-0413)

 Various flaws were discovered in the JavaScript engine. By tricking
 a user into opening a malicious message, an attacker could escalate
 privileges within Thunderbird, perform cross-site scripting attacks
 and/or execute arbitrary code with the user's privileges. (CVE-2008-0415)

 Gerry Eisenhaur discovered that the chrome URI scheme did not properly
 guard against directory traversal. Under certain circumstances, an
 attacker may be able to load files or steal session data. Ubuntu is not
 vulnerable in the default installation. (CVE-2008-0418)

 Flaws were discovered in the BMP decoder. By tricking a user into
 opening a specially crafted BMP file, an attacker could obtain
 sensitive information. (CVE-2008-0420)");

  script_tag(name:"affected", value:"'mozilla-thunderbird' package(s) on Ubuntu 6.06, Ubuntu 6.10, Ubuntu 7.04.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "UBUNTU6.06 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"mozilla-thunderbird", ver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.1", rls:"UBUNTU6.06 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU6.10") {

  if(!isnull(res = isdpkgvuln(pkg:"mozilla-thunderbird", ver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.1", rls:"UBUNTU6.10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU7.04") {

  if(!isnull(res = isdpkgvuln(pkg:"mozilla-thunderbird", ver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.1", rls:"UBUNTU7.04"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);
