LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

September 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA September 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Critical: thunderbird on SL6.x i386/x86_64
From:	Pat Riehecky <[log in to unmask]>
Reply To:	Pat Riehecky <[log in to unmask]>
Date:	Thu, 29 Sep 2011 10:42:10 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (54 lines)

Synopsis:    Critical: thunderbird security update
Issue Date:  2011-09-28
CVE Numbers: CVE-2011-2995
              CVE-2011-2999
              CVE-2011-3000
              CVE-2011-2372
              CVE-2011-2998


Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content. An
HTML mail message containing malicious content could cause Thunderbird 
to crash or, potentially, execute arbitrary code with the privileges of 
the user running Thunderbird. (CVE-2011-2995)

A flaw was found in the way Thunderbird processed the "Enter" keypress
event. A malicious HTML mail message could present a download dialog 
while the key is pressed, activating the default "Open" action. A remote 
attacker could exploit this vulnerability by causing the mail client to 
open malicious web content. (CVE-2011-2372)

A flaw was found in the way Thunderbird handled Location headers in
redirect responses. Two copies of this header with different values 
could be a symptom of a CRLF injection attack against a vulnerable 
server. Thunderbird now treats two copies of the Location, 
Content-Length, or Content-Disposition header as an error condition. 
(CVE-2011-3000)

A flaw was found in the way Thunderbird handled frame objects with 
certain names. An attacker could use this flaw to cause a plug-in to 
grant its content access to another site or the local file system, 
violating the same-origin policy. (CVE-2011-2999)

An integer underflow flaw was found in the way Thunderbird handled large
JavaScript regular expressions. An HTML mail message containing 
malicious JavaScript could cause Thunderbird to access already freed 
memory, causing Thunderbird to crash or, potentially, execute arbitrary 
code with the privileges of the user running Thunderbird. (CVE-2011-2998)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

SL6:
   i386
      thunderbird-3.1.15-1.el6_1.i686.rpm
      thunderbird-debuginfo-3.1.15-1.el6_1.i686.rpm
   x86_64
      thunderbird-3.1.15-1.el6_1.x86_64.rpm
      thunderbird-debuginfo-3.1.15-1.el6_1.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV