Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mozilla Thunderbird Multiple Vulnerability Jun-09 (Linux)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is installed with Thunderbird, which is prone to multiple vulnerabilities.
Insight
Insight
- Error in js/src/xpconnect/src/xpcwrappedjsclass.cpp file will allow attacker to execute arbitrary web script. - An error when handling a non-200 response returned by a proxy in reply to a CONNECT request, which could cause the body of the response to be rendered within the context of the request 'Host:' header. - An error when handling event listeners attached to an element whose owner document is null. - Due to content-loading policies not being checked before loading external script files into XUL documents, which could be exploited to bypass restrictions. - An error when handling event listeners attached to an element whose owner document is null. - Error exists in JavaScript engine is caused via vectors related to js_LeaveSharpObject, ParseXMLSource, and a certain assertion in jsinterp.c. - Error exists via vectors involving 'double frame construction.'
Affected Software
Affected Software
Thunderbire version prior to 2.0.0.22 on Linux.
Solution
Solution
Upgrade to Firefox version 2.0.0.22.
Common Vulnerabilities and Exposures (CVE)
References
- http://www.vupen.com/english/advisories/2009/1572
- http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-32.html