Fedora Core 6 Update: thunderbird-1.5.0.12-2.fc6 - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Advisory Watch: March 14th, 2010

Linux Advisory Watch: March 6th, 2010

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Fedora Core 6 Update: thunderbird-1.5.0.12-2.fc6

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-641
2007-07-20
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : thunderbird
Version     : 1.5.0.12
Release     : 2.fc6
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

---------------------------------------------------------------------
Update Information:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed
certain malformed JavaScript code. A malicious HTML email
message containing JavaScript code could cause Thunderbird
to crash or potentially execute arbitrary code as the user
running Thunderbird. JavaScript support is disabled by
default in Thunderbird; these issues are not exploitable
unless the user has enabled JavaScript. (CVE-2007-3089,
CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737,
CVE-2007-3738)

Users of Thunderbird are advised to upgrade to these erratum
packages, which contain backported patches that correct
these issues.
---------------------------------------------------------------------
* Fri Jul 20 2007 Kai Engert  - 1.5.0.12-2
- Add a patch to stick with major versions 1.5.0.12 / 1.8.0.12
- Update to latest snapshot of Mozilla 1.8.0 branch
- Include patches for Mozilla bugs 379245, 384925, 178993,
  381300 (+382686), 358594 (+380933), 382532 (+382503)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

19679f423d4041bff14fb1296301658dfc6ba2ba  SRPMS/thunderbird-1.5.0.12-2.fc6.src.rpm
19679f423d4041bff14fb1296301658dfc6ba2ba  noarch/thunderbird-1.5.0.12-2.fc6.src.rpm
67e87bd1475f0de8294cf57d976ec342bd8a7c5b  ppc/thunderbird-1.5.0.12-2.fc6.ppc.rpm
98431b993e118b0fe00a2599e645a33ad6522c49  ppc/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.ppc.rpm
c2156643405b7c671a93a2264ab958fd5f0fd944  x86_64/thunderbird-1.5.0.12-2.fc6.x86_64.rpm
e3b6835f0a8f7eb4835c1302e967ed008ecd1575  x86_64/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.x86_64.rpm
bfeab692e49e51d7d0b541ca68965ab1500a6606  i386/thunderbird-1.5.0.12-2.fc6.i386.rpm
a0c642b01715286f1ced7a1f49a8d11b2f924577  i386/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce