Pardus: 2010-102: Thunderbird: Multiple
Posted by Benjamin D. Thomas   
Multiple Vulnerabilities have been fixed in Thunderbird.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-102           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-08-02
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
======
Multiple Vulnerabilities have been fixed in Thunderbird.


Description
==========
Accordingly to Mozilla, the following vulnerabilities have been  fixed.
Detailed information can be gathered at Mozilla Security Announce page.



MFSA 2010-47 Cross-origin data leakage from script  filename  in  error
messages

MFSA 2010-46 Cross-domain data theft using CSS

MFSA 2010-44 Characters mapped to  U+FFFD  in  8  bit  encodings  cause
subsequent character to vanish

MFSA 2010-43 Same-origin bypass using canvas context

MFSA  2010-42 Cross-origin  data  disclosure  via  Web   Workers   and
importScripts

MFSA 2010-41 Remote code execution using malformed PNG image

MFSA 2010-40 nsTreeSelection dangling  pointer  remote  code  execution
vulnerability

MFSA 2010-39 nsCSSValue::Array index integer overflow

MFSA 2010-38 Arbitrary  code  execution  using  SJOW  and  fast  native
function

MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)


Affected packages:

  Pardus 2009:
    thunderbird, all before 3.1.1-54-11


Resolution
=========
There are update(s) for thunderbird. You can update  them  via  Package
Manager or with a single command from console:

    pisi up thunderbird

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id839
  * http://www.mozilla.org/security/announce/

------------------------------------------------------------------------