Vulnerabilities > CVE-2007-1282 - Integer Overflow vulnerability in Mozilla Seamonkey and Thunderbird

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

redhat

mozilla

critical

nessus

NVD

Published: 2007-03-06

Updated: 2017-10-11

Summary

Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.

Vulnerable Configurations

Part	Description	Count
OS	Redhat Redhat Enterprise Linux 4.0 Redhat Enterprise Linux Desktop 4.0	4
Application	Mozilla Mozilla Seamonkey 1.0 Mozilla Seamonkey 1.0.1 Mozilla Seamonkey 1.0.2 Mozilla Seamonkey 1.0.3 Mozilla Seamonkey 1.0.4 Mozilla Seamonkey 1.0.5 Mozilla Seamonkey 1.0.6 Mozilla Seamonkey 1.0.7 Mozilla Thunderbird 0.1 Mozilla Thunderbird 0.2 Mozilla Thunderbird 0.3 Mozilla Thunderbird 0.4 Mozilla Thunderbird 0.5 Mozilla Thunderbird 0.6 Mozilla Thunderbird 0.7 Mozilla Thunderbird 0.7.1 Mozilla Thunderbird 0.7.2 Mozilla Thunderbird 0.7.3 Mozilla Thunderbird 0.8 Mozilla Thunderbird 0.9 Mozilla Thunderbird 1.0 Mozilla Thunderbird 1.0.1 Mozilla Thunderbird 1.0.2 Mozilla Thunderbird 1.0.3 Mozilla Thunderbird 1.0.4 Mozilla Thunderbird 1.0.5 Mozilla Thunderbird 1.0.6 Mozilla Thunderbird 1.0.7 Mozilla Thunderbird 1.0.8 Mozilla Thunderbird 1.5 Mozilla Thunderbird 1.5.0.1 Mozilla Thunderbird 1.5.0.2 Mozilla Thunderbird 1.5.0.3 Mozilla Thunderbird 1.5.0.4 Mozilla Thunderbird 1.5.0.6 Mozilla Thunderbird 1.5.0.7 Mozilla Thunderbird 1.5.0.8 Mozilla Thunderbird 1.5.0.9	38

Nessus

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2007-0077.NASL
description	From Red Hat Security Advisory 2007:0077 : Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 26 February 2007] Packages for Red Hat Enterprise Linux 4 have been updated to correct an issue which prevented Evolution and other applications linked against the NSS library from functioning. [Updated 12 March 2007] Packages for Red Hat Enterprise Linux 2.1 and 3 have been updated to correct an issue which prevented Evolution and other applications linked against the NSS library from functioning. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A malicious web page could execute JavaScript code in such a way that may result in SeaMonkey crashing or executing arbitrary code as the user running SeaMonkey. (CVE-2007-0775, CVE-2007-0777) Several cross-site scripting (XSS) flaws were found in the way SeaMonkey processed certain malformed web pages. A malicious web page could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way SeaMonkey displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running SeaMonkey. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way SeaMonkey handled the
last seen	2020-06-01
modified	2020-06-02
plugin id	67453
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67453
title	Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0077)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0077 and # Oracle Linux Security Advisory ELSA-2007-0077 respectively. # include("compat.inc"); if (description) { script_id(67453); script_version("1.13"); script_cvs_date("Date: 2019/10/25 13:36:06"); script_cve_id("CVE-2006-6077", "CVE-2007-0008", "CVE-2007-0009", "CVE-2007-0775", "CVE-2007-0777", "CVE-2007-0778", "CVE-2007-0779", "CVE-2007-0780", "CVE-2007-0800", "CVE-2007-0981", "CVE-2007-0994", "CVE-2007-0995", "CVE-2007-0996", "CVE-2007-1092", "CVE-2007-1282"); script_bugtraq_id(21240, 22396, 22566, 22679, 22694, 22826); script_xref(name:"RHSA", value:"2007:0077"); script_name(english:"Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0077)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2007:0077 : Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 26 February 2007] Packages for Red Hat Enterprise Linux 4 have been updated to correct an issue which prevented Evolution and other applications linked against the NSS library from functioning. [Updated 12 March 2007] Packages for Red Hat Enterprise Linux 2.1 and 3 have been updated to correct an issue which prevented Evolution and other applications linked against the NSS library from functioning. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A malicious web page could execute JavaScript code in such a way that may result in SeaMonkey crashing or executing arbitrary code as the user running SeaMonkey. (CVE-2007-0775, CVE-2007-0777) Several cross-site scripting (XSS) flaws were found in the way SeaMonkey processed certain malformed web pages. A malicious web page could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way SeaMonkey displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running SeaMonkey. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way SeaMonkey handled the 'location.hostname' value during certain browser domain checks. This flaw could allow a malicious web site to set domain cookies for an arbitrary site, or possibly perform an XSS attack. (CVE-2007-0981) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain SeaMonkey version 1.0.8 that corrects these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2007-February/000056.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2007-March/000105.html" ); script_set_attribute( attribute:"solution", value:"Update the affected seamonkey packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(79, 119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:devhelp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:devhelp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-chat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-js-debugger"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-nspr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-nspr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-nss-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/11/24"); script_set_attribute(attribute:"patch_publication_date", value:"2007/02/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(3\|4)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-chat-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-chat-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-devel-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-devel-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-dom-inspector-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-dom-inspector-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-js-debugger-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-js-debugger-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-mail-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-mail-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-nspr-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-nspr-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-nspr-devel-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-nspr-devel-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-nss-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-nss-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-nss-devel-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-nss-devel-1.0.8-0.2.el3.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"devhelp-0.10-0.7.el4")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"devhelp-0.10-0.7.el4")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"devhelp-devel-0.10-0.7.el4")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"devhelp-devel-0.10-0.7.el4")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-chat-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-chat-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-devel-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-devel-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-dom-inspector-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-dom-inspector-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-js-debugger-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-js-debugger-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-mail-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-mail-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-nspr-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-nspr-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-nspr-devel-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-nspr-devel-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-nss-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-nss-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-nss-devel-1.0.8-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-nss-devel-1.0.8-0.1.el4.0.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-devel / seamonkey / seamonkey-chat / etc"); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2007-0078.NASL
description	From Red Hat Security Advisory 2007:0078 : Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 06 March 2007] Updated text description to add CVE-2007-1282 and remove CVE-2007-0994, which was mistakenly listed as affecting Thunderbird. No changes have been made to these erratum packages. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML mail message could execute JavaScript code in such a way that may result in Thunderbird crashing or executing arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-0775, CVE-2007-0777, CVE-2007-1092) A flaw was found in the way Thunderbird processed text/enhanced and text/richtext formatted mail message. A specially crafted mail message could execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2007-1282) Several cross-site scripting (XSS) flaws were found in the way Thunderbird processed certain malformed HTML mail messages. A malicious HTML mail message could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way Thunderbird cached web content on the local disk. A malicious HTML mail message may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way Thunderbird displayed certain web content. A malicious HTML mail message could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way Thunderbird displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running Thunderbird. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way Thunderbird handled the
last seen	2020-06-01
modified	2020-06-02
plugin id	67454
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67454
title	Oracle Linux 4 : thunderbird (ELSA-2007-0078)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0078 and # Oracle Linux Security Advisory ELSA-2007-0078 respectively. # include("compat.inc"); if (description) { script_id(67454); script_version("1.12"); script_cvs_date("Date: 2019/10/25 13:36:06"); script_cve_id("CVE-2006-6077", "CVE-2007-0008", "CVE-2007-0009", "CVE-2007-0775", "CVE-2007-0777", "CVE-2007-0778", "CVE-2007-0779", "CVE-2007-0780", "CVE-2007-0800", "CVE-2007-0981", "CVE-2007-0994", "CVE-2007-0995", "CVE-2007-0996", "CVE-2007-1092", "CVE-2007-1282"); script_bugtraq_id(21240, 22396, 22566, 22679, 22694); script_xref(name:"RHSA", value:"2007:0078"); script_name(english:"Oracle Linux 4 : thunderbird (ELSA-2007-0078)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2007:0078 : Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 06 March 2007] Updated text description to add CVE-2007-1282 and remove CVE-2007-0994, which was mistakenly listed as affecting Thunderbird. No changes have been made to these erratum packages. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML mail message could execute JavaScript code in such a way that may result in Thunderbird crashing or executing arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-0775, CVE-2007-0777, CVE-2007-1092) A flaw was found in the way Thunderbird processed text/enhanced and text/richtext formatted mail message. A specially crafted mail message could execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2007-1282) Several cross-site scripting (XSS) flaws were found in the way Thunderbird processed certain malformed HTML mail messages. A malicious HTML mail message could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way Thunderbird cached web content on the local disk. A malicious HTML mail message may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way Thunderbird displayed certain web content. A malicious HTML mail message could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way Thunderbird displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running Thunderbird. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way Thunderbird handled the 'location.hostname' value during certain browser domain checks. This flaw could allow a malicious HTML mail message to set domain cookies for an arbitrary site, or possibly perform an XSS attack. (CVE-2007-0981) Users of Thunderbird are advised to apply this update, which contains Thunderbird version 1.5.0.10 that corrects these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2007-March/000062.html" ); script_set_attribute( attribute:"solution", value:"Update the affected thunderbird package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(79, 119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/11/24"); script_set_attribute(attribute:"patch_publication_date", value:"2007/03/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL4", cpu:"i386", reference:"thunderbird-1.5.0.10-0.1.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"thunderbird-1.5.0.10-0.1.el4.0.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird"); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2007-0077.NASL
description	Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 26 February 2007] Packages for Red Hat Enterprise Linux 4 have been updated to correct an issue which prevented Evolution and other applications linked against the NSS library from functioning. [Updated 12 March 2007] Packages for Red Hat Enterprise Linux 2.1 and 3 have been updated to correct an issue which prevented Evolution and other applications linked against the NSS library from functioning. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A malicious web page could execute JavaScript code in such a way that may result in SeaMonkey crashing or executing arbitrary code as the user running SeaMonkey. (CVE-2007-0775, CVE-2007-0777) Several cross-site scripting (XSS) flaws were found in the way SeaMonkey processed certain malformed web pages. A malicious web page could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way SeaMonkey displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running SeaMonkey. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way SeaMonkey handled the
last seen	2020-06-01
modified	2020-06-02
plugin id	24703
published	2007-02-26
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24703
title	CentOS 3 / 4 : seamonkey (CESA-2007:0077)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0077 and # CentOS Errata and Security Advisory 2007:0077 respectively. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(24703); script_version("1.18"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2006-6077", "CVE-2007-0008", "CVE-2007-0009", "CVE-2007-0775", "CVE-2007-0777", "CVE-2007-0778", "CVE-2007-0779", "CVE-2007-0780", "CVE-2007-0800", "CVE-2007-0981", "CVE-2007-0994", "CVE-2007-0995", "CVE-2007-0996", "CVE-2007-1092", "CVE-2007-1282"); script_bugtraq_id(21240, 22396, 22566, 22679, 22694, 22826); script_xref(name:"RHSA", value:"2007:0077"); script_name(english:"CentOS 3 / 4 : seamonkey (CESA-2007:0077)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 26 February 2007] Packages for Red Hat Enterprise Linux 4 have been updated to correct an issue which prevented Evolution and other applications linked against the NSS library from functioning. [Updated 12 March 2007] Packages for Red Hat Enterprise Linux 2.1 and 3 have been updated to correct an issue which prevented Evolution and other applications linked against the NSS library from functioning. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A malicious web page could execute JavaScript code in such a way that may result in SeaMonkey crashing or executing arbitrary code as the user running SeaMonkey. (CVE-2007-0775, CVE-2007-0777) Several cross-site scripting (XSS) flaws were found in the way SeaMonkey processed certain malformed web pages. A malicious web page could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way SeaMonkey displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running SeaMonkey. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way SeaMonkey handled the 'location.hostname' value during certain browser domain checks. This flaw could allow a malicious web site to set domain cookies for an arbitrary site, or possibly perform an XSS attack. (CVE-2007-0981) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain SeaMonkey version 1.0.8 that corrects these issues." ); # http://lists.centos.org/pipermail/centos-announce/2007-February/013569.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5d3d230e" ); # http://lists.centos.org/pipermail/centos-announce/2007-February/013570.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3d2c997e" ); # http://lists.centos.org/pipermail/centos-announce/2007-February/013571.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?869aed90" ); # http://lists.centos.org/pipermail/centos-announce/2007-February/013572.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?139d28c7" ); # http://lists.centos.org/pipermail/centos-announce/2007-February/013575.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c9f4dff0" ); # http://lists.centos.org/pipermail/centos-announce/2007-February/013582.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?674a9f3f" ); script_set_attribute( attribute:"solution", value:"Update the affected seamonkey packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(79, 119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-chat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-js-debugger"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"patch_publication_date", value:"2007/02/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/26"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/CentOS/release")) audit(AUDIT_OS_NOT, "CentOS"); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"seamonkey-1.0.8-0.1.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-chat-1.0.8-0.1.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-devel-1.0.8-0.1.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-dom-inspector-1.0.8-0.1.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-js-debugger-1.0.8-0.1.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-mail-1.0.8-0.1.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-nspr-1.0.8-0.1.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-nspr-devel-1.0.8-0.1.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-nss-1.0.8-0.1.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-nss-devel-1.0.8-0.1.el3.centos3")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"devhelp-0.10-0.7.el4")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"devhelp-0.10-0.7.el4")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"devhelp-devel-0.10-0.7.el4")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"devhelp-devel-0.10-0.7.el4")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"seamonkey-1.0.8-0.2.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-chat-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"seamonkey-chat-1.0.8-0.2.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-chat-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-devel-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"seamonkey-devel-1.0.8-0.2.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-devel-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-dom-inspector-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"seamonkey-dom-inspector-1.0.8-0.2.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-dom-inspector-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-js-debugger-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"seamonkey-js-debugger-1.0.8-0.2.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-js-debugger-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-mail-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"seamonkey-mail-1.0.8-0.2.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-mail-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-nspr-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"seamonkey-nspr-1.0.8-0.2.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-nspr-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-nspr-devel-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"seamonkey-nspr-devel-1.0.8-0.2.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-nspr-devel-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-nss-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"seamonkey-nss-1.0.8-0.2.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-nss-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-nss-devel-1.0.8-0.1.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"seamonkey-nss-devel-1.0.8-0.2.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-nss-devel-1.0.8-0.1.el4.centos")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2007-0077-2.NASL
description	From Red Hat Security Advisory 2007:0077 : Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 26 February 2007] Packages for Red Hat Enterprise Linux 4 have been updated to correct an issue which prevented Evolution and other applications linked against the NSS library from functioning. [Updated 12 March 2007] Packages for Red Hat Enterprise Linux 2.1 and 3 have been updated to correct an issue which prevented Evolution and other applications linked against the NSS library from functioning. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A malicious web page could execute JavaScript code in such a way that may result in SeaMonkey crashing or executing arbitrary code as the user running SeaMonkey. (CVE-2007-0775, CVE-2007-0777) Several cross-site scripting (XSS) flaws were found in the way SeaMonkey processed certain malformed web pages. A malicious web page could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way SeaMonkey displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running SeaMonkey. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way SeaMonkey handled the
last seen	2020-06-01
modified	2020-06-02
plugin id	67452
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/67452
title	Oracle Linux 4 : seamonkey (ELSA-2007-0077-2)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-309.NASL
description	- Thu Mar 1 2007 Martin Stransky <stransky at redhat.com> 1.5.0.10-1 - Update to 1.5.0.10 - Tue Dec 19 2006 Matthias Clasen <mclasen at redhat.com> 1.5.0.9-2 - Add a Requires: launchmail (#219884) - Tue Dec 19 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.9-1 - Update to 1.5.0.9 - Take firefox
last seen	2020-06-01
modified	2020-06-02
plugin id	24769
published	2007-03-06
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/24769
title	Fedora Core 5 : thunderbird-1.5.0.10-1.fc5 (2007-309)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1336.NASL
description	Several remote vulnerabilities have been discovered in Mozilla Firefox. This will be the last security update of Mozilla-based products for the oldstable (sarge) distribution of Debian. We recommend to upgrade to stable (etch) as soon as possible. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2007-1282 It was discovered that an integer overflow in text/enhanced message parsing allows the execution of arbitrary code. - CVE-2007-0994 It was discovered that a regression in the JavaScript engine allows the execution of JavaScript with elevated privileges. - CVE-2007-0995 It was discovered that incorrect parsing of invalid HTML characters allows the bypass of content filters. - CVE-2007-0996 It was discovered that insecure child frame handling allows cross-site scripting. - CVE-2007-0981 It was discovered that Firefox handles URI with a null byte in the hostname insecurely. - CVE-2007-0008 It was discovered that a buffer overflow in the NSS code allows the execution of arbitrary code. - CVE-2007-0009 It was discovered that a buffer overflow in the NSS code allows the execution of arbitrary code. - CVE-2007-0775 It was discovered that multiple programming errors in the layout engine allow the execution of arbitrary code. - CVE-2007-0778 It was discovered that the page cache calculates hashes in an insecure manner. - CVE-2006-6077 It was discovered that the password manager allows the disclosure of passwords.
last seen	2020-06-01
modified	2020-06-02
plugin id	25779
published	2007-07-27
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25779
title	Debian DSA-1336-1 : mozilla-firefox - several vulnerabilities

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2007-066-05.NASL
description	A new seamonkey package is available for Slackware 11.0 to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	24791
published	2007-03-12
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/24791
title	Slackware 11.0 : seamonkey (SSA:2007-066-05)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2007-066-04.NASL
description	New mozilla-thunderbird packages are available for Slackware 10.2, and 11.0 to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	24790
published	2007-03-12
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24790
title	Slackware 10.2 / 11.0 : mozilla-thunderbird (SSA:2007-066-04)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-308.NASL
description	- Thu Mar 1 2007 Martin Stransky <stransky at redhat.com> 1.5.0.10-1 - Update to 1.5.0.10 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	24768
published	2007-03-06
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24768
title	Fedora Core 6 : thunderbird-1.5.0.10-1.fc6 (2007-308)

NASL family	Windows
NASL id	MOZILLA_THUNDERBIRD_15010.NASL
description	The remote version of Mozilla Thunderbird suffers from various security issues, one of which may lead to execution of arbitrary code on the affected host subject to the user
last seen	2020-06-01
modified	2020-06-02
plugin id	24748
published	2007-03-02
reporter	This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24748
title	Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200703-18.NASL
description	The remote host is affected by the vulnerability described in GLSA-200703-18 (Mozilla Thunderbird: Multiple vulnerabilities) Georgi Guninski reported a possible integer overflow in the code handling text/enhanced or text/richtext MIME emails. Additionally, various researchers reported errors in the JavaScript engine potentially leading to memory corruption. Additionally, the binary version of Mozilla Thunderbird includes a vulnerable NSS library which contains two possible buffer overflows involving the SSLv2 protocol. Impact : An attacker could entice a user to read a specially crafted email that could trigger one of the vulnerabilities, some of them being related to Mozilla Thunderbird
last seen	2020-06-01
modified	2020-06-02
plugin id	24867
published	2007-03-19
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24867
title	GLSA-200703-18 : Mozilla Thunderbird: Multiple vulnerabilities

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2007-0078.NASL
description	Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 06 March 2007] Updated text description to add CVE-2007-1282 and remove CVE-2007-0994, which was mistakenly listed as affecting Thunderbird. No changes have been made to these erratum packages. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML mail message could execute JavaScript code in such a way that may result in Thunderbird crashing or executing arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-0775, CVE-2007-0777, CVE-2007-1092) A flaw was found in the way Thunderbird processed text/enhanced and text/richtext formatted mail message. A specially crafted mail message could execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2007-1282) Several cross-site scripting (XSS) flaws were found in the way Thunderbird processed certain malformed HTML mail messages. A malicious HTML mail message could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way Thunderbird cached web content on the local disk. A malicious HTML mail message may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way Thunderbird displayed certain web content. A malicious HTML mail message could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way Thunderbird displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running Thunderbird. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way Thunderbird handled the
last seen	2020-06-01
modified	2020-06-02
plugin id	24774
published	2007-03-06
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/24774
title	RHEL 4 : thunderbird (RHSA-2007:0078)

NASL family	Windows
NASL id	SEAMONKEY_108.NASL
description	The installed version of SeaMonkey contains various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user
last seen	2020-06-01
modified	2020-06-02
plugin id	24735
published	2007-02-28
reporter	This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24735
title	SeaMonkey < 1.0.8 Multiple Vulnerabilities

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2007-0078.NASL
description	Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 06 March 2007] Updated text description to add CVE-2007-1282 and remove CVE-2007-0994, which was mistakenly listed as affecting Thunderbird. No changes have been made to these erratum packages. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML mail message could execute JavaScript code in such a way that may result in Thunderbird crashing or executing arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-0775, CVE-2007-0777, CVE-2007-1092) A flaw was found in the way Thunderbird processed text/enhanced and text/richtext formatted mail message. A specially crafted mail message could execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2007-1282) Several cross-site scripting (XSS) flaws were found in the way Thunderbird processed certain malformed HTML mail messages. A malicious HTML mail message could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way Thunderbird cached web content on the local disk. A malicious HTML mail message may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way Thunderbird displayed certain web content. A malicious HTML mail message could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way Thunderbird displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running Thunderbird. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way Thunderbird handled the
last seen	2020-06-01
modified	2020-06-02
plugin id	24763
published	2007-03-06
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/24763
title	CentOS 4 : thunderbird (CESA-2007:0078)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2007-0108.NASL
description	Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML mail message could execute JavaScript code in such a way that may result in Thunderbird crashing or executing arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-0775, CVE-2007-0777) Several cross-site scripting (XSS) flaws were found in the way Thunderbird processed certain malformed HTML mail messages. A malicious HTML mail message could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way Thunderbird processed text/enhanced and text/richtext formatted mail message. A specially crafted mail message could execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2007-1282) A flaw was found in the way Thunderbird cached web content on the local disk. A malicious HTML mail message may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way Thunderbird displayed certain web content. A malicious HTML mail message could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way Thunderbird displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running Thunderbird. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way Thunderbird handled the
last seen	2020-06-01
modified	2020-06-02
plugin id	63841
published	2013-01-24
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/63841
title	RHEL 5 : thunderbird (RHSA-2007:0108)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2007-0077.NASL
description	Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 26 February 2007] Packages for Red Hat Enterprise Linux 4 have been updated to correct an issue which prevented Evolution and other applications linked against the NSS library from functioning. [Updated 12 March 2007] Packages for Red Hat Enterprise Linux 2.1 and 3 have been updated to correct an issue which prevented Evolution and other applications linked against the NSS library from functioning. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A malicious web page could execute JavaScript code in such a way that may result in SeaMonkey crashing or executing arbitrary code as the user running SeaMonkey. (CVE-2007-0775, CVE-2007-0777) Several cross-site scripting (XSS) flaws were found in the way SeaMonkey processed certain malformed web pages. A malicious web page could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way SeaMonkey displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running SeaMonkey. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way SeaMonkey handled the
last seen	2020-06-01
modified	2020-06-02
plugin id	24707
published	2007-02-26
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/24707
title	RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0077)

Oval

accepted

2013-04-29T04:13:09.201-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:11313

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

bugzilla

id	230158
title	seamonkey-1.0.8-x (critical) update prevents evolution from starting

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment devhelp-devel is earlier than 0:0.10-0.7.el4
oval oval:com.redhat.rhsa:tst:20070077001
comment devhelp-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060329002
AND
comment devhelp is earlier than 0:0.10-0.7.el4
oval oval:com.redhat.rhsa:tst:20070077003
comment devhelp is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060329004

AND

comment seamonkey-js-debugger is earlier than 0:1.0.8-0.2.el4
oval oval:com.redhat.rhsa:tst:20070077005
comment seamonkey-js-debugger is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609002

AND
comment seamonkey-devel is earlier than 0:1.0.8-0.2.el4
oval oval:com.redhat.rhsa:tst:20070077007
comment seamonkey-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609010
AND
comment seamonkey-chat is earlier than 0:1.0.8-0.2.el4
oval oval:com.redhat.rhsa:tst:20070077009
comment seamonkey-chat is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609004
AND
comment seamonkey is earlier than 0:1.0.8-0.2.el4
oval oval:com.redhat.rhsa:tst:20070077011
comment seamonkey is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609006

AND

comment seamonkey-dom-inspector is earlier than 0:1.0.8-0.2.el4
oval oval:com.redhat.rhsa:tst:20070077013
comment seamonkey-dom-inspector is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609008

AND
comment seamonkey-mail is earlier than 0:1.0.8-0.2.el4
oval oval:com.redhat.rhsa:tst:20070077015
comment seamonkey-mail is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609012

rhsa

id	RHSA-2007:0077
released	2007-03-13
severity	Critical
title	RHSA-2007:0077: seamonkey security update (Critical)

bugzilla

id	230542
title	CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0981, CVE-2007-1092)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025
comment thunderbird is earlier than 0:1.5.0.10-0.1.el4
oval oval:com.redhat.rhsa:tst:20070078001
comment thunderbird is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060330002

rhsa

id	RHSA-2007:0078
released	2007-03-06
severity	Critical
title	RHSA-2007:0078: thunderbird security update (Critical)

bugzilla

id	230562
title	CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0981, CVE-2007-1282)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005
comment thunderbird is earlier than 0:1.5.0.10-1.el5
oval oval:com.redhat.rhsa:tst:20070108001
comment thunderbird is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070108002

rhsa

id	RHSA-2007:0108
released	2007-03-14
severity	Critical
title	RHSA-2007:0108: thunderbird security update (Critical)

rpms

devhelp-0:0.10-0.7.el4
devhelp-debuginfo-0:0.10-0.7.el4
devhelp-devel-0:0.10-0.7.el4
seamonkey-0:1.0.8-0.2.el2
seamonkey-0:1.0.8-0.2.el3
seamonkey-0:1.0.8-0.2.el4
seamonkey-chat-0:1.0.8-0.2.el2
seamonkey-chat-0:1.0.8-0.2.el3
seamonkey-chat-0:1.0.8-0.2.el4
seamonkey-debuginfo-0:1.0.8-0.2.el3
seamonkey-debuginfo-0:1.0.8-0.2.el4
seamonkey-devel-0:1.0.8-0.2.el2
seamonkey-devel-0:1.0.8-0.2.el3
seamonkey-devel-0:1.0.8-0.2.el4
seamonkey-dom-inspector-0:1.0.8-0.2.el2
seamonkey-dom-inspector-0:1.0.8-0.2.el3
seamonkey-dom-inspector-0:1.0.8-0.2.el4
seamonkey-js-debugger-0:1.0.8-0.2.el2
seamonkey-js-debugger-0:1.0.8-0.2.el3
seamonkey-js-debugger-0:1.0.8-0.2.el4
seamonkey-mail-0:1.0.8-0.2.el2
seamonkey-mail-0:1.0.8-0.2.el3
seamonkey-mail-0:1.0.8-0.2.el4
seamonkey-nspr-0:1.0.8-0.2.el2
seamonkey-nspr-0:1.0.8-0.2.el3
seamonkey-nspr-devel-0:1.0.8-0.2.el2
seamonkey-nspr-devel-0:1.0.8-0.2.el3
seamonkey-nss-0:1.0.8-0.2.el2
seamonkey-nss-0:1.0.8-0.2.el3
seamonkey-nss-devel-0:1.0.8-0.2.el2
seamonkey-nss-devel-0:1.0.8-0.2.el3
thunderbird-0:1.5.0.10-0.1.el4
thunderbird-debuginfo-0:1.5.0.10-0.1.el4
thunderbird-0:1.5.0.10-1.el5
thunderbird-debuginfo-0:1.5.0.10-1.el5

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References