Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Fedora Core 3: 2005-247 Critical: Thunderbird GIF Buffer Overflow

fedora
Calendar Grey March 23, 2005
Dist Fedora Esm H88
An exploit in Mozilla Firefox permits remote code execution through specially crafted PNG files. Users are advised to update to the latest version for Fedora Core 4.
A buffer overflow bug was found in the way Thunderbird processes GIF images

Summary

Mozilla Thunderbird is a standalone mail and newsgroup client.

A buffer overflow bug was found in the way Thunderbird processes GIF

images. It is possible for an attacker to create a specially crafted GIF

image, which when viewed by a victim will execute arbitrary code as the

victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)

has assigned the name CAN-2005-0399 to this issue.

A bug was found in the Thunderbird string handling functions. If a

malicious website is able to exhaust a system's memory, it becomes

possible to execute arbitrary code. The Common Vulnerabilities and

Exposures project (cve.mitre.org) has assigned the name CAN-2005-0255 to

this issue.

Users of Thunderbird are advised to upgrade to this updated package

which contains Thunderbird version 1.0.2 and is not vulnerable to these

issues.

This update enables pango rendering by default.

- Thunderbird 1.0.2

- Enable pango rendering

* Tue Mar 8 2005 Christopher Aillon 1.0-5

- Add patch to compile against new fortified glibc macros

* Sat Mar 5 2005 Christopher Aillon 1.0-4

- Rebuild against GCC 4.0

- Add execshield patches

- Minor specfile cleanup

* Mon Dec 20 2004 Christopher Aillon 1.0-3

- Rebuild

* Thu Dec 16 2004 Christopher Aillon 1.0-2

- Add RPM version to useragent

* Thu Dec 16 2004 Christopher Blizzard

- Port over pango patches from firefox

* Wed Dec 8 2004 Christopher Aillon 1.0-1.3.1

- Thunderbird 1.0

* Mon Dec 6 2004 Christopher Aillon 1.0-0.rc1.1

- Fix advanced prefs

* Fri Dec 3 2004 Christopher Aillon

- Make this run on s390(x) now for real

* Wed Dec 1 2004 Christopher Aillon 1.0-0.rc1.0

- Update to 1.0 rc1

a7764787e90a38e1a7d121b5393c946c SRPMS/thunderbird-1.0.2-1.3.1.src.rpm

642aec4401a1e924bc1569a8a28d2f18 x86_64/thunderbird-1.0.2-1.3.1.x86_64.rpm

b1c171a3a1ec24d996e36f8e3efec462

x86_64/debug/thunderbird-debuginfo-1.0.2-1.3.1.x86_64.rpm

f8872d466515e23b7eb4e49564a24f9f i386/thunderbird-1.0.2-1.3.1.i386.rpm

90eb655353de9280aa8595becc07496c

i386/debug/thunderbird-debuginfo-1.0.2-1.3.1.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list@redhat.com

Topics%20covered

Topics Covered

security advisory fedora update buffer overflow critical exploit thunderbird

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Name: thunderbird
Version: 1.0.2
Release: 1.3.1
Summary: Mozilla Thunderbird mail/newsgroup client

Topics%20covered

Topics Covered

security advisory fedora update buffer overflow critical exploit thunderbird

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here