Date:         Tue, 24 Mar 2009 16:10:22 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Moderate: thunderbird on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: thunderbird security update
Issue date:	2009-03-24
CVE Names:	CVE-2009-0352 CVE-2009-0353 CVE-2009-0355
                 CVE-2009-0772 CVE-2009-0774 CVE-2009-0775
                 CVE-2009-0776

Several flaws were found in the processing of malformed HTML mail 
content.  An HTML mail message containing malicious content could cause 
Thunderbird to crash or, potentially, execute arbitrary code as the user 
running Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, 
CVE-2009-0774, CVE-2009-0775)

Several flaws were found in the way malformed content was processed. An
HTML mail message containing specially-crafted content could potentially
trick a Thunderbird user into surrendering sensitive information.
(CVE-2009-0355, CVE-2009-0776)

Note: JavaScript support is disabled by default in Thunderbird. None of
the above issues are exploitable unless JavaScript is enabled.

All running instances of Thunderbird must be restarted for the update to 
take effect.


SL 4.x

      SRPMS:
thunderbird-1.5.0.12-19.el4.src.rpm
      i386:
thunderbird-1.5.0.12-19.el4.i386.rpm
      x86_64:
thunderbird-1.5.0.12-19.el4.x86_64.rpm

SL 5.x

      SRPMS:
thunderbird-2.0.0.21-1.el5.src.rpm
      i386:
thunderbird-2.0.0.21-1.el5.i386.rpm
      x86_64:
thunderbird-2.0.0.21-1.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-0352 Moderate: thunderbird SL4.x, SL5.x i386/x86_64

Moderate: thunderbird security update

Summary

Date:         Tue, 24 Mar 2009 16:10:22 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA Moderate: thunderbird on SL4.x, SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Moderate: thunderbird security updateIssue date:	2009-03-24CVE Names:	CVE-2009-0352 CVE-2009-0353 CVE-2009-0355                 CVE-2009-0772 CVE-2009-0774 CVE-2009-0775                 CVE-2009-0776Several flaws were found in the processing of malformed HTML mail content.  An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775)Several flaws were found in the way malformed content was processed. AnHTML mail message containing specially-crafted content could potentiallytrick a Thunderbird user into surrendering sensitive information.(CVE-2009-0355, CVE-2009-0776)Note: JavaScript support is disabled by default in Thunderbird. None ofthe above issues are exploitable unless JavaScript is enabled.All running instances of Thunderbird must be restarted for the update to take effect.SL 4.x      SRPMS:thunderbird-1.5.0.12-19.el4.src.rpm      i386:thunderbird-1.5.0.12-19.el4.i386.rpm      x86_64:thunderbird-1.5.0.12-19.el4.x86_64.rpmSL 5.x      SRPMS:thunderbird-2.0.0.21-1.el5.src.rpm      i386:thunderbird-2.0.0.21-1.el5.i386.rpm      x86_64:thunderbird-2.0.0.21-1.el5.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News