Synopsis: Moderate: thunderbird security update
Issue date: 2008-04-30
CVE Names: CVE-2008-1380
A flaw was found in the processing of malformed JavaScript content. An HTML
mail message containing such malicious content could cause Thunderbird to
crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2008-1380)
Note: JavaScript support is disabled by default in Thunderbird; the above
issue is not exploitable unless JavaScript is enabled.
SL 4.x
SRPMS:
thunderbird-1.5.0.12-11.el4.src.rpm
i386:
thunderbird-1.5.0.12-11.el4.i386.rpm
x86_64:
thunderbird-1.5.0.12-11.el4.x86_64.rpm
SL 5.x
SRPMS:
thunderbird-1.5.0.12-12.el5_1.src.rpm
i386:
thunderbird-1.5.0.12-12.el5.i386.rpm
x86_64:
thunderbird-1.5.0.12-12.el5.x86_64.rpm
-Connie Sieh
-Troy Dawson