Date:         Thu, 18 Mar 2010 12:27:24 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Moderate: thunderbird on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: thunderbird security update
Issue date:	2010-03-17
CVE Names:	CVE-2009-0689 CVE-2009-1571 CVE-2009-2462
                   CVE-2009-2463 CVE-2009-2466 CVE-2009-2470
                   CVE-2009-3072 CVE-2009-3075 CVE-2009-3076
                   CVE-2009-3077 CVE-2009-3274 CVE-2009-3376
                   CVE-2009-3380 CVE-2009-3979 CVE-2010-0159

Several flaws were found in the processing of malformed HTML mail 
content. An HTML mail message containing malicious content could cause 
Thunderbird to crash or, potentially, execute arbitrary code with the 
privileges of the user running Thunderbird. (CVE-2009-2462, 
CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, 
CVE-2009-3380, CVE-2009-3979, CVE-2010-0159)

A use-after-free flaw was found in Thunderbird. An attacker could use 
this flaw to crash Thunderbird or, potentially, execute arbitrary code 
with the privileges of the user running Thunderbird. (CVE-2009-3077)

A heap-based buffer overflow flaw was found in the Thunderbird string to
floating point conversion routines. An HTML mail message containing
malicious JavaScript could crash Thunderbird or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2009-0689)

A use-after-free flaw was found in Thunderbird. Under low memory
conditions, viewing an HTML mail message containing malicious content 
could result in Thunderbird executing arbitrary code with the privileges 
of the user running Thunderbird. (CVE-2009-1571)

A flaw was found in the way Thunderbird created temporary file names for
downloaded files. If a local attacker knows the name of a file 
Thunderbird is going to download, they can replace the contents of that 
file with arbitrary contents. (CVE-2009-3274)

A flaw was found in the way Thunderbird displayed a right-to-left 
override character when downloading a file. In these cases, the name 
displayed in the title bar differed from the name displayed in the 
dialog body. An attacker could use this flaw to trick a user into 
downloading a file that has a file name or extension that is different 
from what the user expected. (CVE-2009-3376)

A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. 
A malicious SOCKS5 server could send a specially-crafted reply that 
would cause Thunderbird to crash. (CVE-2009-2470)

Descriptions in the dialogs when adding and removing PKCS #11 modules 
were not informative. An attacker able to trick a user into installing a
malicious PKCS #11 module could use this flaw to install their own
Certificate Authority certificates on a user's machine, making it 
possible to trick the user into believing they are viewing trusted 
content or, potentially, execute arbitrary code with the privileges of 
the user running Thunderbird. (CVE-2009-3076)

All running instances of Thunderbird must be restarted for the update to 
take effect.

SL 4.x

      SRPMS:
thunderbird-1.5.0.12-25.el4.src.rpm
      i386:
thunderbird-1.5.0.12-25.el4.i386.rpm
      x86_64:
thunderbird-1.5.0.12-25.el4.x86_64.rpm

SL 5.x

      SRPMS:
thunderbird-2.0.0.24-2.el5_4.src.rpm
      i386:
thunderbird-2.0.0.24-2.el5_4.i386.rpm
      x86_64:
thunderbird-2.0.0.24-2.el5_4.x86_64.rpm

-Connie Sieh
-Troy Dawson