---------------------------------------------------------------------Fedora Update Notification
FEDORA-2007-641
2007-07-20
---------------------------------------------------------------------Product     : Fedora Core 6
Name        : thunderbird
Version     : 1.5.0.12
Release     : 2.fc6
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

---------------------------------------------------------------------Update Information:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed
certain malformed JavaScript code. A malicious HTML email
message containing JavaScript code could cause Thunderbird
to crash or potentially execute arbitrary code as the user
running Thunderbird. JavaScript support is disabled by
default in Thunderbird; these issues are not exploitable
unless the user has enabled JavaScript. (CVE-2007-3089,
CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737,
CVE-2007-3738)

Users of Thunderbird are advised to upgrade to these erratum
packages, which contain backported patches that correct
these issues.
---------------------------------------------------------------------* Fri Jul 20 2007 Kai Engert  - 1.5.0.12-2
- Add a patch to stick with major versions 1.5.0.12 / 1.8.0.12
- Update to latest snapshot of Mozilla 1.8.0 branch
- Include patches for Mozilla bugs 379245, 384925, 178993,
  381300 (+382686), 358594 (+380933), 382532 (+382503)

---------------------------------------------------------------------This update can be downloaded from:
    
19679f423d4041bff14fb1296301658dfc6ba2ba  SRPMS/thunderbird-1.5.0.12-2.fc6.src.rpm
19679f423d4041bff14fb1296301658dfc6ba2ba  noarch/thunderbird-1.5.0.12-2.fc6.src.rpm
67e87bd1475f0de8294cf57d976ec342bd8a7c5b  ppc/thunderbird-1.5.0.12-2.fc6.ppc.rpm
98431b993e118b0fe00a2599e645a33ad6522c49  ppc/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.ppc.rpm
c2156643405b7c671a93a2264ab958fd5f0fd944  x86_64/thunderbird-1.5.0.12-2.fc6.x86_64.rpm
e3b6835f0a8f7eb4835c1302e967ed008ecd1575  x86_64/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.x86_64.rpm
bfeab692e49e51d7d0b541ca68965ab1500a6606  i386/thunderbird-1.5.0.12-2.fc6.i386.rpm
a0c642b01715286f1ced7a1f49a8d11b2f924577  i386/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at .
---------------------------------------------------------------------_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora Core 6 Update: thunderbird-1.5.0.12-2.fc6

July 20, 2007
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code

Summary

Mozilla Thunderbird is a standalone mail and newsgroup client.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed

certain malformed JavaScript code. A malicious HTML email

message containing JavaScript code could cause Thunderbird

to crash or potentially execute arbitrary code as the user

running Thunderbird. JavaScript support is disabled by

default in Thunderbird; these issues are not exploitable

unless the user has enabled JavaScript. (CVE-2007-3089,

CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737,

CVE-2007-3738)

Users of Thunderbird are advised to upgrade to these erratum

packages, which contain backported patches that correct

these issues.

- Add a patch to stick with major versions 1.5.0.12 / 1.8.0.12

- Update to latest snapshot of Mozilla 1.8.0 branch

- Include patches for Mozilla bugs 379245, 384925, 178993,

381300 (+382686), 358594 (+380933), 382532 (+382503)

19679f423d4041bff14fb1296301658dfc6ba2ba SRPMS/thunderbird-1.5.0.12-2.fc6.src.rpm

19679f423d4041bff14fb1296301658dfc6ba2ba noarch/thunderbird-1.5.0.12-2.fc6.src.rpm

67e87bd1475f0de8294cf57d976ec342bd8a7c5b ppc/thunderbird-1.5.0.12-2.fc6.ppc.rpm

98431b993e118b0fe00a2599e645a33ad6522c49 ppc/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.ppc.rpm

c2156643405b7c671a93a2264ab958fd5f0fd944 x86_64/thunderbird-1.5.0.12-2.fc6.x86_64.rpm

e3b6835f0a8f7eb4835c1302e967ed008ecd1575 x86_64/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.x86_64.rpm

bfeab692e49e51d7d0b541ca68965ab1500a6606 i386/thunderbird-1.5.0.12-2.fc6.i386.rpm

a0c642b01715286f1ced7a1f49a8d11b2f924577 i386/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-package-announce

FEDORA-2007-641 2007-07-20 Name : thunderbird Version : 1.5.0.12 Release : 2.fc6 Summary : Mozilla Thunderbird mail/newsgroup client Description : Mozilla Thunderbird is a standalone mail and newsgroup client. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. - Add a patch to stick with major versions 1.5.0.12 / 1.8.0.12 - Update to latest snapshot of Mozilla 1.8.0 branch - Include patches for Mozilla bugs 379245, 384925, 178993, 381300 (+382686), 358594 (+380933), 382532 (+382503) 19679f423d4041bff14fb1296301658dfc6ba2ba SRPMS/thunderbird-1.5.0.12-2.fc6.src.rpm 19679f423d4041bff14fb1296301658dfc6ba2ba noarch/thunderbird-1.5.0.12-2.fc6.src.rpm 67e87bd1475f0de8294cf57d976ec342bd8a7c5b ppc/thunderbird-1.5.0.12-2.fc6.ppc.rpm 98431b993e118b0fe00a2599e645a33ad6522c49 ppc/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.ppc.rpm c2156643405b7c671a93a2264ab958fd5f0fd944 x86_64/thunderbird-1.5.0.12-2.fc6.x86_64.rpm e3b6835f0a8f7eb4835c1302e967ed008ecd1575 x86_64/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.x86_64.rpm bfeab692e49e51d7d0b541ca68965ab1500a6606 i386/thunderbird-1.5.0.12-2.fc6.i386.rpm a0c642b01715286f1ced7a1f49a8d11b2f924577 i386/debug/thunderbird-debuginfo-1.5.0.12-2.fc6.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce

Change Log

References

Update Instructions

Severity
Name : thunderbird
Version : 1.5.0.12
Release : 2.fc6
Summary : Mozilla Thunderbird mail/newsgroup client

Related News

28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for
4.Lock AbstractDigital Esm H320
2 - 3 min read
Canonical , the company behind Ubuntu , has introduced Netplan 1.0 , a network configuration tool that simplifies networking configuration on Linux

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved