[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[SECURITY] Fedora Core 5 Update: thunderbird-1.5.0.7-1.fc5



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-977
2006-09-14
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : thunderbird
Version     : 1.5.0.7
Release     : 1.fc5
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

---------------------------------------------------------------------
Update Information:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Two flaws were found in the way Thunderbird processed
certain regular expressions. A malicious HTML email could
cause a crash or possibly execute arbitrary code as the user
running Thunderbird. (CVE-2006-4565, CVE-2006-4566)

A flaw was found in the Thunderbird auto-update verification
system. An attacker who has the ability to spoof a victim's
DNS could get Firefox to download and install malicious
code. In order to exploit this issue an attacker would also
need to get a victim to previously accept an unverifiable
certificate. (CVE-2006-4567)

A flaw was found in the handling of JavaScript timed events.
A malicious HTML email could crash the browser or possibly
execute arbitrary code as the user running Thunderbird.
(CVE-2006-4253)

A flaw was found in Thunderbird that triggered when a HTML
message contained a remote image pointing to a XBL script.
An attacker could have created a carefully crafted message
which would execute JavaScript if certain actions were
performed on the email by the recipient, even if JavaScript
was disabled. (CVE-2006-4570)

A number of flaws were found in Thunderbird. A malicious
HTML email could cause a crash or possibly execute arbitrary
code as the user running Thunderbird. (CVE-2006-4571)

Users of Thunderbird are advised to upgrade to this update,
which contains Thunderbird version 1.5.0.7 that corrects
these issues.
---------------------------------------------------------------------
* Wed Sep 13 2006 Christopher Aillon <caillon redhat com> - 1.5.0.7-1
- Update to 1.5.0.7
* Tue Aug  8 2006 Kai Engert <kengert redhat com> - 1.5.0.5-1.1
- Update to 1.5.0.5
- Use dist tag
* Mon Jun 12 2006 Kai Engert <kengert redhat com> - 1.5.0.4-1.1.fc5
- Update to 1.5.0.4
- Fix desktop-file-utils requires

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

75f68ca61cdd79d0aa437ed2fefbebefd7987919  SRPMS/thunderbird-1.5.0.7-1.fc5.src.rpm
75f68ca61cdd79d0aa437ed2fefbebefd7987919  noarch/thunderbird-1.5.0.7-1.fc5.src.rpm
b7875918e8dc902d18c33ee63c45a2825fd31486  ppc/thunderbird-1.5.0.7-1.fc5.ppc.rpm
b4454dfd18a6a6e5761dd649e4f9f49b02874707  ppc/debug/thunderbird-debuginfo-1.5.0.7-1.fc5.ppc.rpm
391cb8656008545923143f01f0375d9e2d7cedd4  x86_64/debug/thunderbird-debuginfo-1.5.0.7-1.fc5.x86_64.rpm
f767cc6c205797572270b6e016cdb8bc0660e969  x86_64/thunderbird-1.5.0.7-1.fc5.x86_64.rpm
f8ad379e17361ae43287e71a7cf7a287bdaae951  i386/debug/thunderbird-debuginfo-1.5.0.7-1.fc5.i386.rpm
18c9bd387ec2f0083d4215af084664de1e5e8f7b  i386/thunderbird-1.5.0.7-1.fc5.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]