Synopsis: Moderate: thunderbird security update Issue date: 2007-10-19 CVE Names: CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-3844 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340 Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially-crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially-crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) SL 3.0.x SRPMS: thunderbird-1.5.0.12-0.5.SL3.src.rpm i386: thunderbird-1.5.0.12-0.5.SL3.i386.rpm x86_64: thunderbird-1.5.0.12-0.5.SL3.i386.rpm thunderbird-1.5.0.12-0.5.SL3.x86_64.rpm SL 4.x SRPMS: thunderbird-1.5.0.12-0.5.el4.src.rpm i386: thunderbird-1.5.0.12-0.5.el4.i386.rpm x86_64: thunderbird-1.5.0.12-0.5.el4.i386.rpm thunderbird-1.5.0.12-0.5.el4.x86_64.rpm SL 5.x SRPMS: thunderbird-1.5.0.12-5.el5.src.rpm i386: thunderbird-1.5.0.12-5.el5.i386.rpm x86_64: thunderbird-1.5.0.12-5.el5.i386.rpm thunderbird-1.5.0.12-5.el5.x86_64.rpm -Connie Sieh -Troy Dawson