Red Hat: 2012:0080-01: thunderbird: Critical Advisory

    Date31 Jan 2012
    1895
    Posted ByJoe Shakespeare
    An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical [More...]
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Critical: thunderbird security update
    Advisory ID:       RHSA-2012:0080-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0080.html
    Issue date:        2012-01-31
    CVE Names:         CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 
                       CVE-2012-0449 
    =====================================================================
    
    1. Summary:
    
    An updated thunderbird package that fixes multiple security issues is now
    available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having critical
    security impact. Common Vulnerability Scoring System (CVSS) base scores,
    which give detailed severity ratings, are available for each vulnerability
    from the CVE links in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
    Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
    Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
    
    3. Description:
    
    Mozilla Thunderbird is a standalone mail and newsgroup client.
    
    A use-after-free flaw was found in the way Thunderbird removed
    nsDOMAttribute child nodes. In certain circumstances, due to the premature
    notification of AttributeChildRemoved, a malicious script could possibly
    use this flaw to cause Thunderbird to crash or, potentially, execute
    arbitrary code with the privileges of the user running Thunderbird.
    (CVE-2011-3659)
    
    Several flaws were found in the processing of malformed content. An HTML
    mail message containing malicious content could cause Thunderbird to crash
    or, potentially, execute arbitrary code with the privileges of the user
    running Thunderbird. (CVE-2012-0442)
    
    A flaw was found in the way Thunderbird parsed certain Scalable Vector
    Graphics (SVG) image files that contained eXtensible Style Sheet Language
    Transformations (XSLT). An HTML mail message containing a malicious SVG
    image file could cause Thunderbird to crash or, potentially, execute
    arbitrary code with the privileges of the user running Thunderbird.
    (CVE-2012-0449)
    
    The same-origin policy in Thunderbird treated http://example.com and
    http://[example.com] as interchangeable. A malicious script could possibly
    use this flaw to gain access to sensitive information (such as a client's
    IP and user e-mail address, or httpOnly cookies) that may be included in
    HTTP proxy error replies, generated in response to invalid URLs using
    square brackets. (CVE-2011-3670)
    
    Note: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited by a
    specially-crafted HTML mail message as JavaScript is disabled by default
    for mail messages. It could be exploited another way in Thunderbird, for
    example, when viewing the full remote content of an RSS feed.
    
    For technical details regarding these flaws, refer to the Mozilla security
    advisories for Thunderbird 3.1.18. You can find a link to the Mozilla
    advisories in the References section of this erratum.
    
    All Thunderbird users should upgrade to these updated packages, which
    contain Thunderbird version 3.1.18, which corrects these issues. After
    installing the update, Thunderbird must be restarted for the changes to
    take effect.
    
    4. Solution:
    
    Before applying this update, make sure all previously-released errata
    relevant to your system have been applied.
    
    This update is available via the Red Hat Network. Details on how to
    use the Red Hat Network to apply this update are available at
    https://access.redhat.com/kb/docs/DOC-11259
    
    5. Bugs fixed (http://bugzilla.redhat.com/):
    
    785085 - CVE-2012-0442 Mozilla: memory safety hazards in 10.0/1.9.2.26 (MFSA 2012-01)
    785464 - CVE-2011-3670 Mozilla: Same-origin bypass using IPv6-like hostname syntax (MFSA 2012-02)
    785966 - CVE-2012-0449 Mozilla: Crash when rendering SVG+XSLT (MFSA 2012-08)
    786258 - CVE-2011-3659 Mozilla: child nodes from nsDOMAttribute still accessible after removal of nodes (MFSA 2012-04)
    
    6. Package List:
    
    Red Hat Enterprise Linux Desktop (v. 6):
    
    Source:
    ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-3.1.18-1.el6_2.src.rpm
    
    i386:
    thunderbird-3.1.18-1.el6_2.i686.rpm
    thunderbird-debuginfo-3.1.18-1.el6_2.i686.rpm
    
    x86_64:
    thunderbird-3.1.18-1.el6_2.x86_64.rpm
    thunderbird-debuginfo-3.1.18-1.el6_2.x86_64.rpm
    
    Red Hat Enterprise Linux Server Optional (v. 6):
    
    Source:
    ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-3.1.18-1.el6_2.src.rpm
    
    i386:
    thunderbird-3.1.18-1.el6_2.i686.rpm
    thunderbird-debuginfo-3.1.18-1.el6_2.i686.rpm
    
    ppc64:
    thunderbird-3.1.18-1.el6_2.ppc64.rpm
    thunderbird-debuginfo-3.1.18-1.el6_2.ppc64.rpm
    
    s390x:
    thunderbird-3.1.18-1.el6_2.s390x.rpm
    thunderbird-debuginfo-3.1.18-1.el6_2.s390x.rpm
    
    x86_64:
    thunderbird-3.1.18-1.el6_2.x86_64.rpm
    thunderbird-debuginfo-3.1.18-1.el6_2.x86_64.rpm
    
    Red Hat Enterprise Linux Workstation (v. 6):
    
    Source:
    ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-3.1.18-1.el6_2.src.rpm
    
    i386:
    thunderbird-3.1.18-1.el6_2.i686.rpm
    thunderbird-debuginfo-3.1.18-1.el6_2.i686.rpm
    
    x86_64:
    thunderbird-3.1.18-1.el6_2.x86_64.rpm
    thunderbird-debuginfo-3.1.18-1.el6_2.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and 
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/#package
    
    7. References:
    
    https://www.redhat.com/security/data/cve/CVE-2011-3659.html
    https://www.redhat.com/security/data/cve/CVE-2011-3670.html
    https://www.redhat.com/security/data/cve/CVE-2012-0442.html
    https://www.redhat.com/security/data/cve/CVE-2012-0449.html
    https://access.redhat.com/security/updates/classification/#critical
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html#thunderbird3.1.18
    
    8. Contact:
    
    The Red Hat security contact is .  More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2012 Red Hat, Inc.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"30","type":"x","order":"1","pct":90.91,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"2","type":"x","order":"2","pct":6.06,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"1","type":"x","order":"3","pct":3.03,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.