Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] rPSA-2006-0138-1 thunderbird

from [Justin M. Forbes] Network Security [Permanent Link]
Subject: [Full-disclosure] rPSA-2006-0138-1 thunderbird
Date: Thu, 27 Jul 2006 17:03:44 -0400 
rPath Security Advisory: 2006-0138-1
Published: 2006-07-27
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
    User Deterministic Vulnerability
Updated Versions:
    thunderbird=/conary.rpath.com@rpl:devel//1/1.5.0.5-1-0.1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3804
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3808
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811
    https://issues.rpath.com/browse/RPL-537
    http://www.mozilla.org/security/announce/2006/mfsa2006-44.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-47.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-49.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-55.html

Description:
    Previous versions of the thunderbird package have multiple
    vulnerabilities that are resolved in this version.  Most of
    the vulnerabilities are applicable only if Javascript has been
    enabled for email; the Mozilla Foundation strongly recommends
    that Javascript always be disabled for email and thunderbird
    disables Javascript by default.  One of the vulnerabilities
    can cause thunderbird to crash when reading a malformed vCard.
    The Mozilla Foundation has indicated that it is unlikely that
    this issue (MFSA-2006-49, CVE-2006-3804) can be used to enable
    unauthenticated remote access, but warns that similar classes
    of vulnerabilities have been exploited to enable unauthenticated
    remote access in the past.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] rPSA-2006-0138-1 thunderbird, Justin M. Forbes <=
Previous by Date:  Oracle 10g R2 and, probably, all previous versions, putosoft softputo
Next by Date:  Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection, Steven M. Christey
Previous by Thread:  Oracle 10g R2 and, probably, all previous versions, putosoft softputo
Next by Thread:  Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection, Steven M. Christey
Indexes:  [Date] [Thread] [Top] [All Lists]