Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Scientific Linux: Thunderbird Critical Update CVE-2013-0769 - Flaw Threat

Scientific Large Esm H446
Critical: thunderbird security update
Date: Thu, 10 Jan 2013 10:02:24 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: Security ERRATA Critical: thunderbird on SL5.x, SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Critical: thunderbird security update
Issue Date: 2013-01-08
CVE Numbers: CVE-2013-0769
 CVE-2013-0762
 CVE-2013-0766
 CVE-2013-0767
 CVE-2013-0759
 CVE-2013-0744
 CVE-2013-0746
 CVE-2013-0748
 CVE-2013-0750
 CVE-2013-0758
 CVE-2013-0753
 CVE-2013-0754
--

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2013-0744,
CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762,
CVE-2013-0766, CVE-2013-0767, CVE-2013-0769)

A flaw was found in the way Chrome Object Wrappers were implemented.
Malicious
content could be used to cause Thunderbird to execute arbitrary code via
plug-
ins installed in Thunderbird. (CVE-2013-0758)

A flaw in the way Thunderbird displayed URL values could allow malicious
content or a user to perform a phishing attack. (CVE-2013-0759)

An information disclosure flaw was found in the way certain JavaScript
functions were implemented in Thunderbird. An attacker could use this
flaw to
bypass Address Space Layout Randomization (ASLR) and other security
restrictions. (CVE-2013-0748)

Note: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754
cannot
be exploited by a specially-crafted HTML mail message as JavaScript is
disabled
by default for mail messages. They could be exploited another way in
Thunderbird, for example, when viewing the full remote content of an RSS
feed.

After installing the update, Thunderbird must be restarted for the changes
to take effect.
--

SL5
 x86_64
 thunderbird-10.0.12-3.el5_9.x86_64.rpm
 thunderbird-debuginfo-10.0.12-3.el5_9.x86_64.rpm
 i386
 thunderbird-10.0.12-3.el5_9.i386.rpm
 thunderbird-debuginfo-10.0.12-3.el5_9.i386.rpm
SL6
 x86_64
 thunderbird-10.0.12-3.el6_3.x86_64.rpm
 thunderbird-debuginfo-10.0.12-3.el6_3.x86_64.rpm
 i386
 thunderbird-10.0.12-3.el6_3.i686.rpm
 thunderbird-debuginfo-10.0.12-3.el6_3.i686.rpm

- Scientific Linux Development Team
Your message here