Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


SciLinux: 2010-10-19 Moderate: Thunderbird Code Execution Risk

Moderate: thunderbird security update.

Date: Wed, 20 Oct 2010 13:34:12 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Moderate: thunderbird on SL4.x, SL5.x i386/x86_64

Synopsis: Moderate: thunderbird security update
Issue date: 2010-10-19
CVE Names: CVE-2010-3176 CVE-2010-3180 CVE-2010-3182

Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3176, CVE-2010-3180)

Note: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled.

A flaw was found in the script that launches Thunderbird. The LD_LIBRARY_PATH variable was appending a "." character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running Thunderbird, if that user ran Thunderbird from within an attacker-controlled directory. (CVE-2010-3182)

All running instances of Thunderbird must be restarted for the update to take effect.

SL 4.x
SRPMS: thunderbird-1.5.0.12-31.el4.src.rpm
i386: thunderbird-1.5.0.12-31.el4.i386.rpm
x86_64: thunderbird-1.5.0.12-31.el4.x86_64.rpm

SL 5.x
SRPMS: thunderbird-2.0.0.24-9.el5.src.rpm
i386: thunderbird-2.0.0.24-9.el5.i386.rpm
x86_64: thunderbird-2.0.0.24-9.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

A recent Thunderbird security patch tackles vulnerabilities associated with HTML email handling, mitigating potential code execution threats.

Thunderbird Security Update, Scientific Linux Advisory, Moderate Threat, HTML Content Exploit.

LinuxSecurity.com Team

Oct 20, 2010 Scientific Linux

Scientific Linux 5.x Moderate: ThunderBird Security Fix

Moderate: thunderbird security update.

Date: Wed, 21 Jul 2010 13:23:31 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Moderate: thunderbird on SL5.x i386/x86_64

Synopsis: Moderate: thunderbird security update
Issue date: 2010-07-20
CVE Names: CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1211 CVE-2010-1214 CVE-2010-2753 CVE-2010-2754

Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)

An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199)

Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)

A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198)

A flaw was found in the way Thunderbird handled the "Content-Disposition: attachment" HTTP header when the "Content-Type: multipart" HTTP header was also present. Loading remote HTTP content that allows arbitrary uploads and relies on the "Content-Disposition: attachment" HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197)

A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded. (CVE-2010-2754)

All running instances of Thunderbird must be restarted for the update to take effect.

SL 5.x
SRPMS: thunderbird-1.5.0.12-28.el4.src.rpm
i386: thunderbird-2.0.0.24-6.el5.i386.rpm
x86_64: thunderbird-2.0.0.24-6.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

Update on Significant ThunderBird Security Concern for Scientific Linux: SL5.x i386/x86_64.

thunderbird security update, moderate security advisory, scientific linux security.

LinuxSecurity.com Team

Jul 21, 2010 Scientific Linux

Technical Announcement: Thunderbird Vulnerability Alert CVE-2009-0689 - Moderate Risk

Moderate: thunderbird security update.

Date: Thu, 18 Mar 2010 12:27:24 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Moderate: thunderbird on SL4.x, SL5.x i386/x86_64

Synopsis: Moderate: thunderbird security update
Issue date: 2010-03-17
CVE Names: CVE-2009-0689 CVE-2009-1571 CVE-2009-2462 CVE-2009-2463 CVE-2009-2466 CVE-2009-2470 CVE-2009-3072 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3274 CVE-2009-3376 CVE-2009-3380 CVE-2009-3979 CVE-2010-0159

Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159)

A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077)

A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689)

A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571)

A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274)

A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376)

A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially-crafted reply that would cause Thunderbird to crash. (CVE-2009-2470)

Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076)

All running instances of Thunderbird must be restarted for the update to take effect.

SL 4.x
SRPMS: thunderbird-1.5.0.12-25.el4.src.rpm
i386: thunderbird-1.5.0.12-25.el4.i386.rpm
x86_64: thunderbird-1.5.0.12-25.el4.x86_64.rpm

SL 5.x
SRPMS: thunderbird-2.0.0.24-2.el5_4.src.rpm
i386: thunderbird-2.0.0.24-2.el5_4.i386.rpm
x86_64: thunderbird-2.0.0.24-2.el5_4.x86_64.rpm

-Connie Sieh
-Troy Dawson

A newly released security patch for Thunderbird on Scientific Linux resolves multiple vulnerabilities that could lead to system instability and allow for the unauthorized execution of code.

Thunderbird Security Update, SL4.x Update, SL5.x Advisory, Security Issues, HTML Mail Risks.

LinuxSecurity.com Team

Mar 18, 2010 Scientific Linux

Fedora Core 3: 2005-604 Critical: Mozilla Thunderbird Email Exploit

Fix various security related bugs.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-604
2005-07-20
---------------------------------------------------------------------

Product : Fedora Core 3
Name : thunderbird
Version : 1.0.6
Release : 1.1.fc3
Summary : Mozilla Thunderbird mail/newsgroup client
Description : Mozilla Thunderbird is a standalone mail and newsgroup client.

---------------------------------------------------------------------
Update Information:

Mozilla Thunderbird is a standalone mail and newsgroup client.

A bug was found in the way Thunderbird handled anonymous functions during regular expression string replacement. It is possible for a malicious HTML mail to capture a random block of client memory. The Common Vulnerabilities and Exposures project has assigned this bug the name CAN-2005-0989.

A bug was found in the way Thunderbird validated several XPInstall related JavaScript objects. A malicious HTML mail could pass other objects to the XPInstall objects, resulting in the JavaScript interpreter jumping to arbitrary locations in memory. (CAN-2005-1159)

A bug was found in the way the Thunderbird privileged UI code handled DOM nodes from the content window. An HTML message could install malicious JavaScript code or steal data when a user performs commonplace actions such as clicking a link or opening the context menu. (CAN-2005-1160)

A bug was found in the way Thunderbird executed JavaScript code. JavaScript executed from HTML mail should run with a restricted access level, preventing dangerous actions. It is possible that a malicious HTML mail could execute JavaScript code with elevated privileges, allowing access to protected data and functions. (CAN-2005-1532)

A bug was found in the way Thunderbird executed Javascript in XBL controls. It is possible for a malicious HTML mail to leverage this vulnerability to execute other JavaScript based attacks even when JavaScript is disabled. (CAN-2005-2261)

A bug was found in the way Thunderbird handled certain Javascript functions. It is possible for a malicious HTML mail to crash the client by executing malformed Javascript code. (CAN-2005-2265)

A bug was found in the way Thunderbird handled child frames. It is possible for a malicious framed HTML mail to steal sensitive information from its parent frame. (CAN-2005-2266)

A bug was found in the way Thunderbird handled DOM node names. It is possible for a malicious HTML mail to overwrite a DOM node name, allowing certain privileged chrome actions to execute the malicious JavaScript. (CAN-2005-2269)

A bug was found in the way Thunderbird cloned base objects. It is possible for HTML content to navigate up the prototype chain to gain access to privileged chrome objects. (CAN-2005-2270)

Users of Thunderbird are advised to upgrade to this updated package that contains Thunderbird version 1.0.6 and is not vulnerable to these issues.

---------------------------------------------------------------------
* Wed Jul 20 2005 Christopher Aillon 1.0.6-1.1.fc3
- Update to 1.0.6

* Mon Jul 18 2005 Christopher Aillon 1.0.6-0.1.fc3
- 1.0.6 Release Candidate
---------------------------------------------------------------------

This update can be downloaded from:

e060dd6ce427541531cc40c28a678643 SRPMS/thunderbird-1.0.6-1.1.fc3.src.rpm
617b9df6931ff067e896d29399849df0 x86_64/thunderbird-1.0.6-1.1.fc3.x86_64.rpm
8bcb33b02ad164e499e4109dc6909caa x86_64/debug/thunderbird-debuginfo-1.0.6-1.1.fc3.x86_64.rpm
2781375f4ff5c6280692d573787f5064 i386/thunderbird-1.0.6-1.1.fc3.i386.rpm
774d64ba857b9c430c3ae87471bc68f6 i386/debug/thunderbird-debuginfo-1.0.6-1.1.fc3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

---------------------------------------------------------------------
fedora-announce-list mailing list

Resolving several issues in Thunderbird on Fedora Core 3, bolstering email security to defend against diverse threats.

Thunderbird Update, Email Security Fixes, JavaScript Exploits.

Severity: Critical.

LinuxSecurity.com Team

Jul 20, 2005 Critical Fedora