SciLinux: CVE-2012-4193 Critical: Thunderbird Remote Code Execution

Critical: thunderbird security update
Date: Mon, 15 Oct 2012 16:33:53 -0500
Reply-To: Connie Sieh 
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security ERRATA Critical: thunderbird on SL5.x, SL6.x i386/x86_64
Comments: To: scientific 
MIME-Version: 1.0

Synopsis: Critical: thunderbird security update
Issue Date: 2012-10-12
CVE Numbers: CVE-2012-4193
--

A flaw was found in the way Thunderbird handled security wrappers.
Malicious content could cause Thunderbird to execute arbitrary code with
the privileges of the user running Thunderbird. (CVE-2012-4193)

This issue cannot be exploited by a specially-crafted HTML mail
message as JavaScript is disabled by default for mail messages. It could be
exploited another way in Thunderbird, for example, when viewing the full
remote content of an RSS feed.

After installing the update, Thunderbird must be restarted for the changes to
take effect.
--

SL5
 x86_64
 thunderbird-10.0.8-2.el5_8.x86_64.rpm
 i386
 thunderbird-10.0.8-2.el5_8.i386.rpm
SL6
 x86_64
 thunderbird-10.0.8-2.el6_3.x86_64.rpm
 i386
 thunderbird-10.0.8-2.el6_3.i686.rpm

- Scientific Linux Development Team
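
To confirm a host has the update, the output of `rpm -q thunderbird` can be compared with the fixed builds listed above. The following is an added example, not part of the Scientific Linux advisory: it uses a simplified rpmvercmp, its function names are hypothetical, it assumes no epoch or `~` in the version, and the sample package strings are constructed.

```python
import re

# Fixed builds listed in this advisory, keyed by the dist tag found in the release.
FIXED = {"el5": ("10.0.8", "2.el5_8"), "el6": ("10.0.8", "2.el6_3")}

def _segments(s):
    # rpm ignores separators and compares digit runs and letter runs separately
    return re.findall(r"\d+|[a-zA-Z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # more segments wins a tie

def parse_nvra(nvra):
    """Split 'name-version-release.arch' as printed by `rpm -q`."""
    nvr, arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def is_fixed(nvra):
    """True if the installed build is at or above the fixed build for its release."""
    name, version, release, _ = parse_nvra(nvra)
    m = re.search(r"el[56]", release)
    if name != "thunderbird" or not m:
        raise ValueError("not a thunderbird build for SL5/SL6: " + nvra)
    fixed_version, fixed_release = FIXED[m.group(0)]
    c = rpmvercmp(version, fixed_version)
    return c > 0 or (c == 0 and rpmvercmp(release, fixed_release) >= 0)

if __name__ == "__main__":
    # Constructed sample strings in the format `rpm -q thunderbird` prints.
    for s in ("thunderbird-10.0.7-1.el6_3.i686",
              "thunderbird-10.0.8-1.el5_8.i386",
              "thunderbird-10.0.8-2.el6_3.x86_64"):
        print(s, "fixed" if is_fixed(s) else "NEEDS UPDATE")
```

A host that reports a fixed build still runs the old code until Thunderbird is restarted, as the advisory notes.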