Technical Announcement: Thunderbird Vulnerability Alert CVE-2009-0689 - Moderate Risk

Date: Thu, 18 Mar 2010 12:27:24 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Moderate: thunderbird on SL4.x, SL5.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Moderate: thunderbird security update
Issue date:	2010-03-17
CVE Names:	CVE-2009-0689 CVE-2009-1571 CVE-2009-2462
 CVE-2009-2463 CVE-2009-2466 CVE-2009-2470
 CVE-2009-3072 CVE-2009-3075 CVE-2009-3076
 CVE-2009-3077 CVE-2009-3274 CVE-2009-3376
 CVE-2009-3380 CVE-2009-3979 CVE-2010-0159

Several flaws were found in the processing of malformed HTML mail
content. An HTML mail message containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2009-2462,
CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075,
CVE-2009-3380, CVE-2009-3979, CVE-2010-0159)

A use-after-free flaw was found in Thunderbird. An attacker could use
this flaw to crash Thunderbird or, potentially, execute arbitrary code
with the privileges of the user running Thunderbird. (CVE-2009-3077)

A heap-based buffer overflow flaw was found in the Thunderbird string to
floating point conversion routines. An HTML mail message containing
malicious JavaScript could crash Thunderbird or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2009-0689)

A use-after-free flaw was found in Thunderbird. Under low memory
conditions, viewing an HTML mail message containing malicious content
could result in Thunderbird executing arbitrary code with the privileges
of the user running Thunderbird. (CVE-2009-1571)

A flaw was found in the way Thunderbird created temporary file names for
downloaded files. If a local attacker knows the name of a file
Thunderbird is going to download, they can replace the contents of that
file with arbitrary contents. (CVE-2009-3274)

A flaw was found in the way Thunderbird displayed a right-to-left
override character when downloading a file. In these cases, the name
displayed in the title bar differed from the name displayed in the
dialog body. An attacker could use this flaw to trick a user into
downloading a file that has a file name or extension that is different
from what the user expected. (CVE-2009-3376)

A flaw was found in the way Thunderbird processed SOCKS5 proxy replies.
A malicious SOCKS5 server could send a specially-crafted reply that
would cause Thunderbird to crash. (CVE-2009-2470)

Descriptions in the dialogs when adding and removing PKCS #11 modules
were not informative. An attacker able to trick a user into installing a
malicious PKCS #11 module could use this flaw to install their own
Certificate Authority certificates on a user's machine, making it
possible to trick the user into believing they are viewing trusted
content or, potentially, execute arbitrary code with the privileges of
the user running Thunderbird. (CVE-2009-3076)

All running instances of Thunderbird must be restarted for the update to
take effect.

SL 4.x

 SRPMS:
thunderbird-1.5.0.12-25.el4.src.rpm
 i386:
thunderbird-1.5.0.12-25.el4.i386.rpm
 x86_64:
thunderbird-1.5.0.12-25.el4.x86_64.rpm

SL 5.x

 SRPMS:
thunderbird-2.0.0.24-2.el5_4.src.rpm
 i386:
thunderbird-2.0.0.24-2.el5_4.i386.rpm
 x86_64:
thunderbird-2.0.0.24-2.el5_4.x86_64.rpm

-Connie Sieh
-Troy Dawson