Date:         Wed, 21 Jul 2010 13:28:30 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Critical: thunderbird on SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Critical: thunderbird security update
Issue date:	2010-07-20
CVE Names:	CVE-2010-0174 CVE-2010-0175 CVE-2010-0176
                   CVE-2010-0177 CVE-2010-1197 CVE-2010-1198
                   CVE-2010-1199 CVE-2010-1200 CVE-2010-1205
                   CVE-2010-1211 CVE-2010-1214 CVE-2010-2753
                   CVE-2010-2754

A memory corruption flaw was found in the way Thunderbird decoded 
certain PNG images. An attacker could create a mail message containing a
specially-crafted PNG image that, when opened, could cause Thunderbird 
to crash or, potentially, execute arbitrary code with the privileges of 
the user running Thunderbird. (CVE-2010-1205)

Several flaws were found in the processing of malformed HTML mail 
content. An HTML mail message containing malicious content could cause 
Thunderbird to crash or, potentially, execute arbitrary code with the 
privileges of the user running Thunderbird. (CVE-2010-0174, 
CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)

An integer overflow flaw was found in the processing of malformed HTML 
mail content. An HTML mail message containing malicious content could 
cause Thunderbird to crash or, potentially, execute arbitrary code with 
the privileges of the user running Thunderbird. (CVE-2010-1199)

Several use-after-free flaws were found in Thunderbird. Viewing an HTML
mail message containing malicious content could result in Thunderbird
executing arbitrary code with the privileges of the user running
Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)

A flaw was found in the way Thunderbird plug-ins interact. It was 
possible for a plug-in to reference the freed memory from a different 
plug-in, resulting in the execution of arbitrary code with the 
privileges of the user running Thunderbird. (CVE-2010-1198)

A flaw was found in the way Thunderbird handled the 
"Content-Disposition: attachment" HTTP header when the "Content-Type: 
multipart" HTTP header was also present. Loading remote HTTP content 
that allows arbitrary uploads and relies on the "Content-Disposition: 
attachment" HTTP header to prevent content from being displayed inline, 
could be used by an attacker to serve malicious content to users. 
(CVE-2010-1197)

A same-origin policy bypass flaw was found in Thunderbird. Remote HTML
content could steal private data from different remote HTML content
Thunderbird has loaded. (CVE-2010-2754)

All running instances of Thunderbird must be restarted for the update to 
take effect.

SL 5.x

     SRPMS:
thunderbird-2.0.0.24-6.el5.src.rpm
     i386:
thunderbird-2.0.0.24-6.el5.i386.rpm
     x86_64:
thunderbird-2.0.0.24-6.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2010-0174 Critical: thunderbird SL5.x i386/x86_64

Critical: thunderbird security update

Summary

CVE-2010-2754A memory corruption flaw was found in the way Thunderbird decodedcertain PNG images. An attacker could create a mail message containing aspecially-crafted PNG image that, when opened, could cause Thunderbirdto crash or, potentially, execute arbitrary code with the privileges ofthe user running Thunderbird. (CVE-2010-1205)Several flaws were found in the processing of malformed HTML mailcontent. An HTML mail message containing malicious content could causeThunderbird to crash or, potentially, execute arbitrary code with theprivileges of the user running Thunderbird. (CVE-2010-0174,CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)An integer overflow flaw was found in the processing of malformed HTMLmail content. An HTML mail message containing malicious content couldcause Thunderbird to crash or, potentially, execute arbitrary code withthe privileges of the user running Thunderbird. (CVE-2010-1199)Several use-after-free flaws were found in Thunderbird. Viewing an HTMLmail message containing malicious content could result in Thunderbirdexecuting arbitrary code with the privileges of the user runningThunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)A flaw was found in the way Thunderbird plug-ins interact. It waspossible for a plug-in to reference the freed memory from a differentplug-in, resulting in the execution of arbitrary code with theprivileges of the user running Thunderbird. (CVE-2010-1198)A flaw was found in the way Thunderbird handled the"Content-Disposition: attachment" HTTP header when the "Content-Type:multipart" HTTP header was also present. Loading remote HTTP contentthat allows arbitrary uploads and relies on the "Content-Disposition:attachment" HTTP header to prevent content from being displayed inline,could be used by an attacker to serve malicious content to users.(CVE-2010-1197)A same-origin policy bypass flaw was found in Thunderbird. Remote HTMLcontent could steal private data from different remote HTML contentThunderbird has loaded. (CVE-2010-2754)All running instances of Thunderbird must be restarted for the update totake effect.SL 5.xSRPMS:thunderbird-2.0.0.24-6.el5.src.rpmi386:thunderbird-2.0.0.24-6.el5.i386.rpmx86_64:thunderbird-2.0.0.24-6.el5.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity
Issued Date: : 2010-07-20
CVE Names: CVE-2010-0174 CVE-2010-0175 CVE-2010-0176
CVE-2010-0177 CVE-2010-1197 CVE-2010-1198
CVE-2010-1199 CVE-2010-1200 CVE-2010-1205
CVE-2010-1211 CVE-2010-1214 CVE-2010-2753

Related News