Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Scientific Linux: 2007-10-19 Moderate: Thunderbird Security Update

Calendar Oct 19, 2007 User Avatar LinuxSecurity Advisories
2 - 3 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate security update thunderbird authentication attack html exploit scientific linux
Moderate: thunderbird security update 
Date: Fri, 19 Oct 2007 20:12:06 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA for thunderbird on SL5.x, SL4.x, SL3,x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis:	Moderate: thunderbird security update
Issue date:	2007-10-19
CVE Names:	CVE-2007-1095 CVE-2007-2292 CVE-2007-3511
 CVE-2007-3844 CVE-2007-5334 CVE-2007-5337
 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340

Several flaws were found in the way in which Thunderbird processed
certain malformed HTML mail content. An HTML mail message containing
malicious content could cause Thunderbird to crash or potentially
execute arbitrary code as the user running Thunderbird. JavaScript
support is disabled by default in Thunderbird; these issues are not
exploitable unless the user has enabled JavaScript. (CVE-2007-5338,
CVE-2007-5339, CVE-2007-5340)

Several flaws were found in the way in which Thunderbird displayed
malformed HTML mail content. An HTML mail message containing
specially-crafted content could potentially trick a user into
surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844,
CVE-2007-3511, CVE-2007-5334)

A flaw was found in the Thunderbird sftp protocol handler. A malicious
HTML mail message could access data from a remote sftp site, possibly
stealing sensitive user data. (CVE-2007-5337)

A request-splitting flaw was found in the way in which Thunderbird
generates a digest authentication request. If a user opened a
specially-crafted URL, it was possible to perform cross-site scripting
attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292)

SL 3.0.x

 SRPMS:
thunderbird-1.5.0.12-0.5.SL3.src.rpm
 i386:
thunderbird-1.5.0.12-0.5.SL3.i386.rpm
 x86_64:
thunderbird-1.5.0.12-0.5.SL3.i386.rpm
thunderbird-1.5.0.12-0.5.SL3.x86_64.rpm

SL 4.x

 SRPMS:
thunderbird-1.5.0.12-0.5.el4.src.rpm
 i386:
thunderbird-1.5.0.12-0.5.el4.i386.rpm
 x86_64:
thunderbird-1.5.0.12-0.5.el4.i386.rpm
thunderbird-1.5.0.12-0.5.el4.x86_64.rpm

SL 5.x

 SRPMS:
thunderbird-1.5.0.12-5.el5.src.rpm
 i386:
thunderbird-1.5.0.12-5.el5.i386.rpm
 x86_64:
thunderbird-1.5.0.12-5.el5.i386.rpm
thunderbird-1.5.0.12-5.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

Related News

Your message here