Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-2460-1
HistoryJan 19, 2015 - 12:00 a.m.

Thunderbird vulnerabilities

2015-01-1900:00:00
ubuntu.com
43

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

10

Confidence

High

EPSS

0.058

Percentile

93.5%

JSON

Releases

  • Ubuntu 14.10
  • Ubuntu 14.04 ESM
  • Ubuntu 12.04

Packages

  • thunderbird - Mozilla Open Source mail and newsgroup client

Details

Christian Holler and Patrick McManus discovered multiple memory safety
issues in Thunderbird. If a user were tricked in to opening a specially
crafted message with scripting enabled, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2014-8634)

Muneaki Nishimura discovered that requests from navigator.sendBeacon()
lack an origin header. If a user were tricked in to opening a specially
crafted message with scripting enabled, an attacker could potentially
exploit this to conduct cross-site request forgery (XSRF) attacks.
(CVE-2014-8638)

Xiaofeng Zheng discovered that a web proxy returning a 407 response
could inject cookies in to the originally requested domain. If a user
connected to a malicious web proxy, an attacker could potentially exploit
this to conduct session-fixation attacks. (CVE-2014-8639)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.10noarchthunderbird< 1:31.4.0+build1-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchthunderbird-dbg< 1:31.4.0+build1-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchthunderbird-dev< 1:31.4.0+build1-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchthunderbird-globalmenu< 1:31.4.0+build1-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchthunderbird-gnome-support< 1:31.4.0+build1-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchthunderbird-gnome-support-dbg< 1:31.4.0+build1-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchthunderbird-locale-af< 1:31.4.0+build1-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchthunderbird-locale-ar< 1:31.4.0+build1-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchthunderbird-locale-ast< 1:31.4.0+build1-0ubuntu0.14.10.1UNKNOWN
Ubuntu14.10noarchthunderbird-locale-be< 1:31.4.0+build1-0ubuntu0.14.10.1UNKNOWN
Rows per page:
1-10 of 1981

Related

redhat 2
nessus 35
openvas 43
centos 2
debian 2
oraclelinux 2
osv 2
archlinux 2
mageia 3
suse 8
prion 4
cvelist 4
cve 4
veracode 3
nvd 4
ubuntucve 4
mozilla 3
kaspersky 1
ubuntu 3
securityvulns 1
freebsd 1
ibm 1
gentoo 1
redhat
redhat
(RHSA-2015:0047) Important: thunderbird security update
2015-01-13 00:00:00
(RHSA-2015:0046) Critical: firefox security and bug fix update
2015-01-13 00:00:00
nessus
nessus
Debian DSA-3132-1 : icedove - security update
2015-01-20 00:00:00
CentOS 5 / 6 : thunderbird (CESA-2015:0047)
2015-01-15 00:00:00
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20150113)
2015-01-15 00:00:00
openvas
openvas
CentOS Update for thunderbird CESA-2015:0047 centos5
2015-01-23 00:00:00
Mozilla Thunderbird Multiple Vulnerabilities-01 (Jan 2015) - Windows
2015-01-20 00:00:00
Debian Security Advisory DSA 3132-1 (icedove - security update)
2015-01-19 00:00:00
centos
centos
thunderbird security update
2015-01-14 15:52:57
firefox, xulrunner security update
2015-01-14 16:08:25
debian
debian
[SECURITY] [DSA 3132-1] icedove security update
2015-01-19 16:58:23
[SECURITY] [DSA 3127-1] iceweasel security update
2015-01-14 19:02:00
oraclelinux
oraclelinux
thunderbird security update
2015-01-13 00:00:00
firefox security and bug fix update
2015-01-14 00:00:00
osv
osv
icedove - security update
2015-01-19 00:00:00
iceweasel - security update
2015-01-14 00:00:00
archlinux
archlinux
thunderbird: multiple issues
2015-01-14 00:00:00
firefox: multiple issues
2015-01-14 00:00:00
mageia
mageia
Updated firefox and thunderbird packages fixes security vulnerabilities
2015-01-18 01:31:08
Updated iceape package fixes security vulnerabilities
2015-01-19 19:47:36
Updated iceape packages fix security vulnerabilities
2015-09-08 10:20:40
suse
suse
Security update for MozillaFirefox (important)
2015-01-19 13:04:47
Security update for Mozilla Firefox (important)
2015-01-29 07:04:56
Security update for Mozilla Firefox (important)
2015-01-31 01:09:23
prion
prion
Memory corruption
2015-01-14 11:59:00
Cross site request forgery (csrf)
2015-01-14 11:59:00
Session fixation
2015-01-14 11:59:00
cvelist
cvelist
CVE-2014-8634
2015-01-14 11:00:00
CVE-2014-8638
2015-01-14 11:00:00
CVE-2014-8639
2015-01-14 11:00:00
cve
cve
CVE-2014-8634
2015-01-14 11:59:03
CVE-2014-8638
2015-01-14 11:59:07
CVE-2014-8639
2015-01-14 11:59:07
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:04:03
Cross-site Request Forgery (CSRF)
2019-05-02 05:07:07
Session Fixation
2019-05-02 05:07:07
nvd
nvd
CVE-2014-8634
2015-01-14 11:59:03
CVE-2014-8638
2015-01-14 11:59:07
CVE-2014-8639
2015-01-14 11:59:07
ubuntucve
ubuntucve
CVE-2014-8638
2015-01-14 00:00:00
CVE-2014-8634
2015-01-14 00:00:00
CVE-2014-8639
2015-01-14 00:00:00
mozilla
mozilla
sendBeacon requests lack an Origin header — Mozilla
2015-01-13 00:00:00
Cookie injection through Proxy Authenticate responses — Mozilla
2015-01-13 00:00:00
Miscellaneous memory safety hazards (rv:35.0 / rv:31.4) — Mozilla
2015-01-13 00:00:00
kaspersky
kaspersky
KLA10446 CI vulnerability in Mozilla products
2015-01-13 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2015-01-14 00:00:00
Firefox regression
2015-01-27 00:00:00
Ubufox update
2015-01-14 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-01-19 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-01-13 00:00:00
ibm
ibm
Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS (CVE-2014-1574, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1587, CVE-2014-1588, and 11 more)
2018-06-18 00:09:21
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

10

Confidence

High

EPSS

0.058

Percentile

93.5%

JSON
Related for USN-2460-1
redhat2nessus35openvas43centos2debian2oraclelinux2osv2archlinux2mageia3suse8prion4cvelist4cve4veracode3nvd4ubuntucve4mozilla3kaspersky1ubuntu3securityvulns1freebsd1ibm1gentoo1