Date:         Thu, 18 Mar 2010 12:27:24 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Moderate: thunderbird on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: thunderbird security update
Issue date:	2010-03-17
CVE Names:	CVE-2009-0689 CVE-2009-1571 CVE-2009-2462
                   CVE-2009-2463 CVE-2009-2466 CVE-2009-2470
                   CVE-2009-3072 CVE-2009-3075 CVE-2009-3076
                   CVE-2009-3077 CVE-2009-3274 CVE-2009-3376
                   CVE-2009-3380 CVE-2009-3979 CVE-2010-0159

Several flaws were found in the processing of malformed HTML mail 
content. An HTML mail message containing malicious content could cause 
Thunderbird to crash or, potentially, execute arbitrary code with the 
privileges of the user running Thunderbird. (CVE-2009-2462, 
CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, 
CVE-2009-3380, CVE-2009-3979, CVE-2010-0159)

A use-after-free flaw was found in Thunderbird. An attacker could use 
this flaw to crash Thunderbird or, potentially, execute arbitrary code 
with the privileges of the user running Thunderbird. (CVE-2009-3077)

A heap-based buffer overflow flaw was found in the Thunderbird string to
floating point conversion routines. An HTML mail message containing
malicious JavaScript could crash Thunderbird or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2009-0689)

A use-after-free flaw was found in Thunderbird. Under low memory
conditions, viewing an HTML mail message containing malicious content 
could result in Thunderbird executing arbitrary code with the privileges 
of the user running Thunderbird. (CVE-2009-1571)

A flaw was found in the way Thunderbird created temporary file names for
downloaded files. If a local attacker knows the name of a file 
Thunderbird is going to download, they can replace the contents of that 
file with arbitrary contents. (CVE-2009-3274)

A flaw was found in the way Thunderbird displayed a right-to-left 
override character when downloading a file. In these cases, the name 
displayed in the title bar differed from the name displayed in the 
dialog body. An attacker could use this flaw to trick a user into 
downloading a file that has a file name or extension that is different 
from what the user expected. (CVE-2009-3376)
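
A defensive check for the display mismatch described above, as an added example that is not part of the original advisory or of Thunderbird's code: it flags bidirectional control characters in a download name and produces one unambiguous string to show in every part of the UI. The function names and the sample file names in the test are constructed for illustration.

```python
import unicodedata

# Bidirectional formatting controls that can reorder how a name is rendered.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI RLI FSI PDI
    "\u200e", "\u200f", "\u061c",                      # LRM RLM ALM
}


def bidi_controls_in(name):
    """Return (index, Unicode name) for every bidi control character in name."""
    return [(i, unicodedata.name(ch))
            for i, ch in enumerate(name) if ch in BIDI_CONTROLS]


def real_extension(name):
    """Extension in logical (stored) order, which is what the OS acts on."""
    base = name.rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[-1].lower() if "." in base else ""


def sanitize_for_display(name):
    """Replace each bidi control with a visible escape such as <U+202E>."""
    return "".join(f"<U+{ord(ch):04X}>" if ch in BIDI_CONTROLS else ch
                   for ch in name)


def review_download_name(name):
    """Summarise what a download prompt should know about a file name."""
    found = bidi_controls_in(name)
    return {
        "suspicious": bool(found),
        "controls": found,
        "extension": real_extension(name),
        "display": sanitize_for_display(name),
    }
```

Using the sanitized string in both the title bar and the dialog body removes the inconsistency the advisory describes, because no renderer is left to interpret the control character.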

A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. 
A malicious SOCKS5 server could send a specially-crafted reply that 
would cause Thunderbird to crash. (CVE-2009-2470)

Descriptions in the dialogs when adding and removing PKCS #11 modules 
were not informative. An attacker able to trick a user into installing a
malicious PKCS #11 module could use this flaw to install their own
Certificate Authority certificates on a user's machine, making it 
possible to trick the user into believing they are viewing trusted 
content or, potentially, execute arbitrary code with the privileges of 
the user running Thunderbird. (CVE-2009-3076)

All running instances of Thunderbird must be restarted for the update to 
take effect.

SL 4.x

      SRPMS:
thunderbird-1.5.0.12-25.el4.src.rpm
      i386:
thunderbird-1.5.0.12-25.el4.i386.rpm
      x86_64:
thunderbird-1.5.0.12-25.el4.x86_64.rpm

SL 5.x

      SRPMS:
thunderbird-2.0.0.24-2.el5_4.src.rpm
      i386:
thunderbird-2.0.0.24-2.el5_4.i386.rpm
      x86_64:
thunderbird-2.0.0.24-2.el5_4.x86_64.rpm

-Connie Sieh
-Troy Dawson
