Fedora Core 6 Update: thunderbird-1.5.0.12-2.fc6
Summary
Mozilla Thunderbird is a standalone mail and newsgroup client.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the way Thunderbird processed
certain malformed JavaScript code. A malicious HTML email
message containing JavaScript code could cause Thunderbird
to crash or potentially execute arbitrary code as the user
running Thunderbird. JavaScript support is disabled by
default in Thunderbird; these issues are not exploitable
unless the user has enabled JavaScript. (CVE-2007-3089,
CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737,
CVE-2007-3738)
Users of Thunderbird are advised to upgrade to these erratum
packages, which contain backported patches that correct
these issues.
- Add a patch to stick with major versions 1.5.0.12 / 1.8.0.12
- Update to latest snapshot of Mozilla 1.8.0 branch
- Include patches for Mozilla bugs 379245, 384925, 178993,
381300 (+382686), 358594 (+380933), 382532 (+382503)
19679f423d4041bff14fb1296301658dfc6ba2ba SRPMS/thunderbird-1.5.0.12-2.fc6.src.rpm
19679f423d4041bff14fb1296301658dfc6ba2ba noarch/thunderbird-1.5.0.12-2.fc6.src.rpm
67e87bd1475f0de8294cf57d976ec342bd8a7c5b ppc/thunderbird-1.5.0.12-2.fc6.ppc.rpm
98431b993e118b0fe00a2599e645a33ad6522c49 ppc/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.ppc.rpm
c2156643405b7c671a93a2264ab958fd5f0fd944 x86_64/thunderbird-1.5.0.12-2.fc6.x86_64.rpm
e3b6835f0a8f7eb4835c1302e967ed008ecd1575 x86_64/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.x86_64.rpm
bfeab692e49e51d7d0b541ca68965ab1500a6606 i386/thunderbird-1.5.0.12-2.fc6.i386.rpm
a0c642b01715286f1ced7a1f49a8d11b2f924577 i386/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.i386.rpm
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at .
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
FEDORA-2007-641 2007-07-20 Name : thunderbird Version : 1.5.0.12 Release : 2.fc6 Summary : Mozilla Thunderbird mail/newsgroup client Description : Mozilla Thunderbird is a standalone mail and newsgroup client. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. - Add a patch to stick with major versions 1.5.0.12 / 1.8.0.12 - Update to latest snapshot of Mozilla 1.8.0 branch - Include patches for Mozilla bugs 379245, 384925, 178993, 381300 (+382686), 358594 (+380933), 382532 (+382503) 19679f423d4041bff14fb1296301658dfc6ba2ba SRPMS/thunderbird-1.5.0.12-2.fc6.src.rpm 19679f423d4041bff14fb1296301658dfc6ba2ba noarch/thunderbird-1.5.0.12-2.fc6.src.rpm 67e87bd1475f0de8294cf57d976ec342bd8a7c5b ppc/thunderbird-1.5.0.12-2.fc6.ppc.rpm 98431b993e118b0fe00a2599e645a33ad6522c49 ppc/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.ppc.rpm c2156643405b7c671a93a2264ab958fd5f0fd944 x86_64/thunderbird-1.5.0.12-2.fc6.x86_64.rpm e3b6835f0a8f7eb4835c1302e967ed008ecd1575 x86_64/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.x86_64.rpm bfeab692e49e51d7d0b541ca68965ab1500a6606 i386/thunderbird-1.5.0.12-2.fc6.i386.rpm a0c642b01715286f1ced7a1f49a8d11b2f924577 i386/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce
Change Log
References