
1318 matches found

OpenVAS
added 2009/06/30 12:0 a.m. | 34 views

RedHat Security Advisory RHSA-2009:1126

The remote host is missing updates announced in advisory RHSA-2009:1126. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or,...

CVSS 9.3 | AI score 8.3 | EPSS 0.15734
Exploits: 5 | References: 2

Cent OS
added 2009/06/26 2:8 p.m. | 79 views

thunderbird security update

CentOS Errata and Security Advisory CESA-2009:1126 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a...

CVSS 9.3 | AI score 7.5 | EPSS 0.15734
Exploits: 5 | References: 7

RedHat Linux
added 2009/06/25 3:7 p.m. | 75 views

Moderate: Red Hat Security Advisory: thunderbird security update

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were...

CVSS 9.3 | AI score 7.5 | EPSS 0.15734
Exploits: 5 | References: 12

Tenable Nessus
added 2009/06/19 12:0 a.m. | 29 views

Google Chrome < 1.0.154.53 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 1.0.154.53. Such versions are reportedly affected by multiple vulnerabilities : - The browser uses the HTTP Host header to determine the context of a 4xx/5xx CONNECT response from a proxy server. This could allow a...

CVSS 6.8 | AI score 6.2 | EPSS 0.00386
Exploits: 0 | References: 4

OpenVAS
added 2009/06/19 12:0 a.m. | 18 views

Sun Java System Web Proxy Server 6.1 < 6.1 SP11 XSS Vulnerability

Sun Java Web Server is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4.3 | AI score 5.7 | EPSS 0.00678
Exploits: 0 | References: 4

OpenVAS
added 2009/06/19 12:0 a.m. | 18 views

Sun Java System Web Proxy Server Vulnerabilities - Windows

Sun Java Web Server is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 | AI score 5.4 | EPSS 0.00678
Exploits: 0 | References: 4

OpenVAS
added 2009/06/17 12:0 a.m. | 27 views

Opera Web Script Execution Vulnerabilities - June09 (Linux)

This host has Opera browser installed and is prone to Web Script Execution vulnerabilities. OpenVAS Vulnerability Test $Id: secpodoperawebscriptexecvulnjun09lin.nasl 5122 2017-01-27 12:16:00Z teissa $ Opera Web Script Execution Vulnerabilities - June09 Linux Authors: Sharath S Copyright: Copyrigh...

CVSS 6.8 | AI score 7.6 | EPSS 0.00265
Exploits: 1 | References: 2

OpenVAS
added 2009/06/17 12:0 a.m. | 26 views

Opera Web Script Execution Vulnerabilities - June09 (Windows)

This host has Opera browser installed and is prone to Web Script Execution vulnerabilities. OpenVAS Vulnerability Test $Id: secpodoperawebscriptexecvulnjun09win.nasl 5122 2017-01-27 12:16:00Z teissa $ Opera Web Script Execution Vulnerabilities - June09 Windows Authors: Sharath S Copyright:...

CVSS 6.8 | AI score 0.1 | EPSS 0.00265
Exploits: 1 | References: 2

NVD
added 2009/06/15 7:30 p.m. | 26 views

CVE-2009-2071

Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and the...

CVSS 6.8 | AI score 6.1 | EPSS 0.00313
Exploits: 0 | References: 9

NVD
added 2009/06/15 7:30 p.m. | 21 views

CVE-2009-2072

Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server...

CVSS 5.4 | AI score 5.9 | EPSS 0.00041
Exploits: 0 | References: 3

NVD
added 2009/06/15 7:30 p.m. | 15 views

CVE-2009-2069

Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, an...

CVSS 5.8 | AI score 6.3 | EPSS 0.022
Exploits: 0 | References: 3

NVD
added 2009/06/15 7:30 p.m. | 15 views

CVE-2009-2059

Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" atta...

CVSS 6.8 | AI score 7.5 | EPSS 0.00235
Exploits: 1 | References: 2

Prion
added 2009/06/15 7:30 p.m. | 19 views

Cross site request forgery (csrf)

Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a...

CVSS 6.8 | AI score 6.8 | EPSS 0.00143
Exploits: 0 | References: 3

Prion
added 2009/06/15 7:30 p.m. | 21 views

Hardcoded credentials

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL...

CVSS 5.8 | AI score 7.2 | EPSS 0.09201
Exploits: 1 | References: 2 | Affected Software: 2

NVD
added 2009/06/15 7:30 p.m. | 20 views

CVE-2009-2057

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL...

CVSS 5.8 | AI score 6.8 | EPSS 0.09201
Exploits: 1 | References: 2

Prion
added 2009/06/15 7:30 p.m. | 19 views

Design/Logic Flaw

Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server...

CVSS 5.4 | AI score 6.4 | EPSS 0.00041
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2009/06/15 7:30 p.m. | 18 views

Hardcoded credentials

Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack...

CVSS 6.8 | AI score 6.9 | EPSS 0.00265
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2009/06/15 7:30 p.m. | 20 views

Cross site request forgery (csrf)

Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, an...

CVSS 5.8 | AI score 6.8 | EPSS 0.022
Exploits: 0 | References: 3 | Affected Software: 2

Prion
added 2009/06/15 7:30 p.m. | 19 views

Cross site request forgery (csrf)

Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and the...

CVSS 6.8 | AI score 6.7 | EPSS 0.00313
Exploits: 0 | References: 9 | Affected Software: 1

Cvelist
added 2009/06/15 7:0 p.m. | 22 views

CVE-2009-2070

Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a...

AI score 7.2 | EPSS 0.00143
Exploits: 0 | References: 3