Subject: | |
From: | |
Reply To: | |
Date: | Tue, 24 Mar 2009 16:10:22 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Moderate: thunderbird security update
Issue date: 2009-03-24
CVE Names: CVE-2009-0352 CVE-2009-0353 CVE-2009-0355
CVE-2009-0772 CVE-2009-0774 CVE-2009-0775
CVE-2009-0776
Several flaws were found in the processing of malformed HTML mail
content. An HTML mail message containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code as the user
running Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772,
CVE-2009-0774, CVE-2009-0775)
Several flaws were found in the way malformed content was processed. An
HTML mail message containing specially-crafted content could potentially
trick a Thunderbird user into surrendering sensitive information.
(CVE-2009-0355, CVE-2009-0776)
Note: JavaScript support is disabled by default in Thunderbird. None of
the above issues are exploitable unless JavaScript is enabled.
All running instances of Thunderbird must be restarted for the update to
take effect.
SL 4.x
SRPMS:
thunderbird-1.5.0.12-19.el4.src.rpm
i386:
thunderbird-1.5.0.12-19.el4.i386.rpm
x86_64:
thunderbird-1.5.0.12-19.el4.x86_64.rpm
SL 5.x
SRPMS:
thunderbird-2.0.0.21-1.el5.src.rpm
i386:
thunderbird-2.0.0.21-1.el5.i386.rpm
x86_64:
thunderbird-2.0.0.21-1.el5.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|