Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora Core 6: FEDORA-2007-641 Critical: Thunderbird JavaScript Flaw

fedora
Calendar Grey July 20, 2007
Dist Fedora Esm H88
The latest Mozilla Thunderbird patch for Fedora Core 6 resolves vulnerabilities in JavaScript that may jeopardize user security. Update immediately.
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code

Summary

Mozilla Thunderbird is a standalone mail and newsgroup client.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed

certain malformed JavaScript code. A malicious HTML email

message containing JavaScript code could cause Thunderbird

to crash or potentially execute arbitrary code as the user

running Thunderbird. JavaScript support is disabled by

default in Thunderbird; these issues are not exploitable

unless the user has enabled JavaScript. (CVE-2007-3089,

CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737,

CVE-2007-3738)

Users of Thunderbird are advised to upgrade to these erratum

packages, which contain backported patches that correct

these issues.

- Add a patch to stick with major versions 1.5.0.12 / 1.8.0.12

- Update to latest snapshot of Mozilla 1.8.0 branch

- Include patches for Mozilla bugs 379245, 384925, 178993,

381300 (+382686), 358594 (+380933), 382532 (+382503)

19679f423d4041bff14fb1296301658dfc6ba2ba SRPMS/thunderbird-1.5.0.12-2.fc6.src.rpm

19679f423d4041bff14fb1296301658dfc6ba2ba noarch/thunderbird-1.5.0.12-2.fc6.src.rpm

67e87bd1475f0de8294cf57d976ec342bd8a7c5b ppc/thunderbird-1.5.0.12-2.fc6.ppc.rpm

98431b993e118b0fe00a2599e645a33ad6522c49 ppc/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.ppc.rpm

c2156643405b7c671a93a2264ab958fd5f0fd944 x86_64/thunderbird-1.5.0.12-2.fc6.x86_64.rpm

e3b6835f0a8f7eb4835c1302e967ed008ecd1575 x86_64/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.x86_64.rpm

bfeab692e49e51d7d0b541ca68965ab1500a6606 i386/thunderbird-1.5.0.12-2.fc6.i386.rpm

a0c642b01715286f1ced7a1f49a8d11b2f924577 i386/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory critical issue Fedora update information mail client Mozilla Thunderbird JavaScript threat

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Name: thunderbird
Version: 1.5.0.12
Release: 2.fc6
Summary: Mozilla Thunderbird mail/newsgroup client

Topics%20covered

Topics Covered

security advisory critical issue Fedora update information mail client Mozilla Thunderbird JavaScript threat

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here