English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 105790 CVE descriptions
and 56160 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3431
2007-11-16 00:41:13.448056
--------------------------------------------------------------------------------

Name        : thunderbird
Product     : Fedora 7
Version     : 2.0.0.9
Release     : 1.fc7
URL         : http://www.mozilla.org/projects/thunderbird/
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Updated thunderbird packages that fix several security bugs are now available for Fedora Core 7.

This update has been rated as having moderate security impact by the Fedora Security Response Team.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340)

Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially-crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334)

A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337)

A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially-crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292)

Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 15 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.9-1
- Update to 2.0.0.9
* Wed Jul 25 2007 Martin Stransky <stransky@redhat.com> 2.0.0.5-2
- added ligature pango fix
* Fri Jul 20 2007 Kai Engert <kengert@redhat.com> - 2.0.0.5-1
- 2.0.0.5
* Fri Jun 15 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.4-1
- 2.0.0.4
* Fri Jun  8 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.4-0.rc1
- 2.0.0.4 rc1
--------------------------------------------------------------------------------
Updated packages:

7bb14b86dafeec69cf601052021e697362e95e2d thunderbird-debuginfo-2.0.0.9-1.fc7.ppc64.rpm
2443f00de62b39ca3c3ad2263ac29e327f6c7e7a thunderbird-2.0.0.9-1.fc7.ppc64.rpm
c475ecc57f82c36b80063319102b733f509a7023 thunderbird-debuginfo-2.0.0.9-1.fc7.i386.rpm
e70f1df09274e4d73f75ff1bff51b81fbc1ec4a7 thunderbird-2.0.0.9-1.fc7.i386.rpm
f3fe2a931beb160c87c342e4ce30278b506e2509 thunderbird-2.0.0.9-1.fc7.x86_64.rpm
da06571f6354e02a279e0f865ebd4072d0b64a0c thunderbird-debuginfo-2.0.0.9-1.fc7.x86_64.rpm
856939cfc3bbead10d211f37dfd9fb8ebcfc6bca thunderbird-2.0.0.9-1.fc7.ppc.rpm
b9a82af6dc6f2a619185ba61550e7d1412719c4b thunderbird-debuginfo-2.0.0.9-1.fc7.ppc.rpm
877f2a30eec4c894bfc9e2ba2be492a245af6b30 thunderbird-2.0.0.9-1.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update thunderbird' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2017 E-Soft Inc. All rights reserved.