SciLinux: CVE-2009-0352 Moderate: thunderbird SL4.x, SL5.x i386/x86_64
Summary
Date: Tue, 24 Mar 2009 16:10:22 -0500Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Moderate: thunderbird on SL4.x, SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov" Synopsis: Moderate: thunderbird security updateIssue date: 2009-03-24CVE Names: CVE-2009-0352 CVE-2009-0353 CVE-2009-0355 CVE-2009-0772 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775)Several flaws were found in the way malformed content was processed. AnHTML mail message containing specially-crafted content could potentiallytrick a Thunderbird user into surrendering sensitive information.(CVE-2009-0355, CVE-2009-0776)Note: JavaScript support is disabled by default in Thunderbird. None ofthe above issues are exploitable unless JavaScript is enabled.All running instances of Thunderbird must be restarted for the update to take effect.SL 4.x SRPMS:thunderbird-1.5.0.12-19.el4.src.rpm i386:thunderbird-1.5.0.12-19.el4.i386.rpm x86_64:thunderbird-1.5.0.12-19.el4.x86_64.rpmSL 5.x SRPMS:thunderbird-2.0.0.21-1.el5.src.rpm i386:thunderbird-2.0.0.21-1.el5.i386.rpm x86_64:thunderbird-2.0.0.21-1.el5.x86_64.rpm-Connie Sieh-Troy Dawson