CentOS 4 / 5 : thunderbird (CESA-2011:1343)

critical Nessus プラグイン ID 56312
New! Vulnerability Priority Rating (VPR)

Tenable では、すべての脆弱性に対して動的な VPR が計算されます。VPR は脆弱性の情報を、脅威インテリジェンスや機械学習アルゴリズムと組み合わせて、攻撃時に最も悪用される可能性の高い脆弱性を予測します。詳細は、 「VPR とは何で、CVSS とはどう違うのか」を参照してください。

VPR スコア : 5.9

概要

The remote CentOS host is missing a security update.

説明

An updated thunderbird package that fixes two security issues is now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. (CVE-2011-2999)

An integer underflow flaw was found in the way Thunderbird handled large JavaScript regular expressions. An HTML mail message containing malicious JavaScript could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-2998)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

ソリューション

Update the affected thunderbird package.

関連情報

http://www.nessus.org/u?d23c8cdf

http://www.nessus.org/u?04364447

http://www.nessus.org/u?72725331

http://www.nessus.org/u?c6f4dd12

プラグインの詳細

深刻度: Critical

ID: 56312

ファイル名: centos_RHSA-2011-1343.nasl

バージョン: 1.12

タイプ: local

エージェント: unix

公開日: 2011/9/29

更新日: 2021/1/4

依存関係: ssh_get_info.nasl

リスク情報

リスクファクター: Critical

VPR スコア: 5.9

CVSS v2.0

Base Score: 10

ベクトル: AV:N/AC:L/Au:N/C:C/I:C/A:C

脆弱性の情報

CPE: p-cpe:/a:centos:centos:thunderbird, cpe:/o:centos:centos:4, cpe:/o:centos:centos:5

必要な KB アイテム: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list

パッチ公開日: 2011/9/29

脆弱性公開日: 2011/9/28

参照情報

CVE: CVE-2011-2998, CVE-2011-2999

RHSA: 2011:1343