Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

CentOS Update for thunderbird CESA-2011:1165 centos4 x86_64

๐Ÿ—“๏ธย 30 Jul 2012ย 00:00:00Reported byย Copyright (C) 2012 Greenbone AGTypeย 
openvas
ย openvas๐Ÿ”—ย plugins.openvas.org๐Ÿ‘ย 22ย Views

The remote host is missing an update for the 'thunderbird' package(s) announced via the referenced advisory. A flaw was found in the way Thunderbird handled malformed JavaScript. Malicious content could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2983

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Refs
Code
ReporterTitlePublishedViews
Family
RedHat Linux		(RHSA-2011:1165) Critical: thunderbird security update
16 Aug 201100:00
โ€“redhat
RedHat Linux		(RHSA-2011:1167) Critical: seamonkey security update
16 Aug 201100:00
โ€“redhat
RedHat Linux		(RHSA-2011:1164) Critical: firefox security update
16 Aug 201100:00
โ€“redhat
RedHat Linux		(RHSA-2011:1166) Critical: thunderbird security update
16 Aug 201100:00
โ€“redhat
OpenVAS		CentOS Update for thunderbird CESA-2011:1165 centos4 i386
19 Aug 201100:00
โ€“openvas
OpenVAS		CentOS Update for thunderbird CESA-2011:1165 centos5 x86_64
30 Jul 201200:00
โ€“openvas
OpenVAS		RedHat Update for thunderbird RHSA-2011:1165-01
19 Aug 201100:00
โ€“openvas
OpenVAS		Mozilla Products Multiple Vulnerabilities - Sep 11 (Windows)
9 Sep 201100:00
โ€“openvas
OpenVAS		CentOS Update for thunderbird CESA-2011:1165 centos5 i386
23 Sep 201100:00
โ€“openvas
OpenVAS		CentOS Update for thunderbird CESA-2011:1165 centos5 i386
23 Sep 201100:00
โ€“openvas
Rows per page
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2011-August/017697.html");
  script_oid("1.3.6.1.4.1.25623.1.0.881440");
  script_version("2023-07-10T08:07:43+0000");
  script_tag(name:"last_modification", value:"2023-07-10 08:07:43 +0000 (Mon, 10 Jul 2023)");
  script_tag(name:"creation_date", value:"2012-07-30 17:52:20 +0530 (Mon, 30 Jul 2012)");
  script_cve_id("CVE-2011-2982", "CVE-2011-2983");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_xref(name:"CESA", value:"2011:1165");
  script_name("CentOS Update for thunderbird CESA-2011:1165 centos4 x86_64");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'thunderbird'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 Greenbone AG");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS4");
  script_tag(name:"affected", value:"thunderbird on CentOS 4");
  script_tag(name:"solution", value:"Please install the updated packages.");
  script_tag(name:"insight", value:"Mozilla Thunderbird is a standalone mail and newsgroup client.

  Several flaws were found in the processing of malformed HTML content.
  Malicious HTML content could cause Thunderbird to crash or, potentially,
  execute arbitrary code with the privileges of the user running
  Thunderbird. (CVE-2011-2982)

  A flaw was found in the way Thunderbird handled malformed JavaScript.
  Malicious content could cause Thunderbird to access already freed memory,
  causing Thunderbird to crash or, potentially, execute arbitrary code with
  the privileges of the user running Thunderbird. (CVE-2011-2983)

  Note: This update disables support for Scalable Vector Graphics (SVG)
  images in Thunderbird on Red Hat Enterprise Linux 5.

  All Thunderbird users should upgrade to this updated package, which
  resolves these issues. All running instances of Thunderbird must be
  restarted for the update to take effect.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "CentOS4")
{

  if ((res = isrpmvuln(pkg:"thunderbird", rpm:"thunderbird~1.5.0.12~40.el4.centos", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
30 Jul 2012 00:00Current
9.7High risk
Vulners AI Score9.7
CVSS210
EPSS0.0176
centos updatethunderbirdcesa-2011:1165x86_64cve-2011-2982cve-2011-2983scalable vector graphicsvendorfix
22
.json
Report