{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Mozilla Thunderbird version 2.0.0.23 et versions ant\u00e9rieures.","product":{"name":"Thunderbird","vendor":{"name":"Mozilla","scada":false}}}],"affected_systems_content":null,"closed_at":"2013-02-05","content":"## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans la version 2.0.0.23 et\ndans les versions ant\u00e9rieures du client de messagerie Mozilla\nThunderbrid. Ces vuln\u00e9rabilit\u00e9s permettent de r\u00e9aliser des actions\nmalveillantes telles que le contournement de la politique de s\u00e9curit\u00e9,\nl'\u00e9l\u00e9vation de privil\u00e8ge, ou encore l'ex\u00e9cution de code arbitraire \u00e0\ndistance.\n\nPour le d\u00e9tail de chaque vuln\u00e9rabilit\u00e9, se reporter aux bulletins de\ns\u00e9curit\u00e9 de l'\u00e9diteur (cf. section Documentation).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2009-2464","url":"https://www.cve.org/CVERecord?id=CVE-2009-2464"},{"name":"CVE-2009-2466","url":"https://www.cve.org/CVERecord?id=CVE-2009-2466"},{"name":"CVE-2009-1308","url":"https://www.cve.org/CVERecord?id=CVE-2009-1308"},{"name":"CVE-2009-2465","url":"https://www.cve.org/CVERecord?id=CVE-2009-2465"},{"name":"CVE-2009-2462","url":"https://www.cve.org/CVERecord?id=CVE-2009-2462"},{"name":"CVE-2009-2463","url":"https://www.cve.org/CVERecord?id=CVE-2009-2463"},{"name":"CVE-2009-2404","url":"https://www.cve.org/CVERecord?id=CVE-2009-2404"},{"name":"CVE-2009-1840","url":"https://www.cve.org/CVERecord?id=CVE-2009-1840"},{"name":"CVE-2009-2408","url":"https://www.cve.org/CVERecord?id=CVE-2009-2408"},{"name":"CVE-2009-1309","url":"https://www.cve.org/CVERecord?id=CVE-2009-1309"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-19 du 21 avril 2009 :","url":"http://www.mozilla.org/security/announce/2009/mfsa2009-19.html"},{"title":"Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-34 du 21 juillet 2009 :","url":"http://www.mozilla.org/security/announce/2009/mfsa2009-34.html"},{"title":"Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-42 du 01 ao\u00fbt 2009 :","url":"http://www.mozilla.org/security/announce/2009/mfsa2009-42.html"},{"title":"Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-43 du 01 ao\u00fbt 2009 :","url":"http://www.mozilla.org/security/announce/2009/mfsa2009-43.html"},{"title":"Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-18 du 21 avril 2009 :","url":"http://www.mozilla.org/security/announce/2009/mfsa2009-18.html"},{"title":"Bulletin d'actualit\u00e9 du CERTA num\u00e9ro CERTA-2009-ACT-032 du    07 ao\u00fbt 2009 :","url":"http://www.certa.ssi.gouv.fr/site/CERTA-2009-ACT-032/index.html"},{"title":"Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-31 du 11 juin 2009 :","url":"http://www.mozilla.org/security/announce/2009/mfsa2009-31.html"}],"reference":"CERTA-2009-ALE-014","revisions":[{"description":"version initiale ;","revision_date":"2009-08-07T00:00:00.000000"},{"description":"prise en compte de la version 2.0.0.23 ;","revision_date":"2009-08-25T00:00:00.000000"},{"description":"fermeture de l'alerte, suite \u00e0 la correction de l'\u00e9diteur.","revision_date":"2013-02-05T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s conduisant, entre autres, \u00e0 une ex\u00e9cution de\ncode arbitraire \u00e0 distance ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Thunderbird.\n","title":"Multiples vuln\u00e9rabilit\u00e9s du client de messagerie Mozilla Thunderbird","vendor_advisories":[{"published_at":null,"title":"Bulletins de s\u00e9curit\u00e9 Mozilla MFSA2009-18, MFSA2009-19, MFSA2009-31,","url":null},{"published_at":null,"title":"MFSA2009-34, MFSA2009-42, MFSA2009-43","url":null}]}