Fedora Legacy Test Update Notification: thunderbird

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-189672
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189672
2006-05-25
---------------------------------------------------------------------

Name        : thunderbird
Versions    : fc3: thunderbird-1.0.8-1.1.fc3.4.legacy
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

---------------------------------------------------------------------
Update Information:

Updated thunderbird packages that fix several security bugs are now
available.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several bugs were found in the way Thunderbird processes malformed
JavaScript. A malicious HTML mail message could modify the content of a
different open HTML mail message, possibly stealing sensitive
information or conducting a cross-site scripting attack. Please note
that JavaScript support is disabled by default in Thunderbird.
(CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Thunderbird processes certain
JavaScript actions. A malicious HTML mail message could execute
arbitrary JavaScript instructions with the permissions of 'chrome',
allowing the page to steal sensitive information or install browser
malware. Please note that JavaScript support is disabled by default in
Thunderbird. (CVE-2006-0292, CVE-2006-0296, CVE-2006-1727,
CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735,
CVE-2006-1742)

Several bugs were found in the way Thunderbird processes malformed HTML
mail messages. A carefully crafted malicious HTML mail message could
cause the execution of arbitrary code as the user running Thunderbird.
(CVE-2006-0748, CVE-2006-0749, CVE-2006-1724, CVE-2006-1730,
CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)

A bug was found in the way Thunderbird processes certain inline content
in HTML mail messages. It may be possible for a remote attacker to send
a carefully crafted mail message to the victim, which will fetch remote
content, even if Thunderbird is configured not to fetch remote content.
(CVE-2006-1045)

A bug was found in the way Thunderbird executes in-line mail forwarding.
If a user can be tricked into forwarding a maliciously crafted mail
message as in-line content, it is possible for the message to execute
JavaScript with the permissions of "chrome". (CVE-2006-0884)

Users of Thunderbird are advised to upgrade to these updated packages
containing Thunderbird version 1.0.8, which is not vulnerable to these
issues.


---------------------------------------------------------------------
Changelogs

fc3:

* Mon May 15 2006 David Eisenstein <deisenst@xxxxxxx> 1.0.8-1.1.fc3.4.legacy
- Add buildrequires:  libgnome-devel, libbonobo-devel, GConf2-devel,
  gnome-vfs2-devel, glib2-devel, ORBit2-devel, popt

* Fri Apr 28 2006 David Eisenstein <deisenst@xxxxxxx> 1.0.8-1.1.fc3.2.legacy
- Add buildrequires - desktop-file-utils

* Tue Apr 25 2006 David Eisenstein <deisenst@xxxxxxx> 1.0.8-1.1.fc3.1.legacy
- Portions of the firefox-1.0-gcc4-compile.patch are already applied in
  the src tarball.  Remove those so remainder of patch will apply.

* Tue Apr 25 2006 David Eisenstein <deisenst@xxxxxxx> 1.0.8-1.1.fc3.legacy
- Update to 1.0.8, containing fixes for:
  CVE-2006-1731, CVE-2006-1732, CVE-2006-1741, CVE-2006-0292,
  CVE-2006-0296, CVE-2006-1727, CVE-2006-1728, CVE-2006-1733,
  CVE-2006-1734, CVE-2006-1735, CVE-2006-1742, CVE-2006-0749,
  CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738,
  CVE-2006-1739, CVE-2006-1790, CVE-2006-1045

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc3:
f8af690feea54ca58a8844d165fa36f4663ae0b5  fedora/3/updates-testing/i386/thunderbird-1.0.8-1.1.fc3.4.legacy.i386.rpm
8fdfa93482e2a5de6c38e05a285e24360b12bbaa  fedora/3/updates-testing/x86_64/thunderbird-1.0.8-1.1.fc3.4.legacy.x86_64.rpm
b9b9cc2694512827633ecba95b8327b0efb68f40  fedora/3/updates-testing/SRPMS/thunderbird-1.0.8-1.1.fc3.4.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.


Attachment: signature.asc
Description: OpenPGP digital signature

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
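
An added example, not part of the original notification or of Fedora Legacy's tooling: a Python check that parses the notification's sha1sums block (digest and path on one line or on consecutive lines) and verifies downloaded packages against it. It assumes the packages were saved under a local directory, here called `mirror_root`, that keeps the listed relative paths.

```python
import hashlib
import re
import sys
from pathlib import Path

# Checksum entries copied from this notification; digest and path tokens alternate.
ADVISORY_SUMS = """\
f8af690feea54ca58a8844d165fa36f4663ae0b5
fedora/3/updates-testing/i386/thunderbird-1.0.8-1.1.fc3.4.legacy.i386.rpm
8fdfa93482e2a5de6c38e05a285e24360b12bbaa
fedora/3/updates-testing/x86_64/thunderbird-1.0.8-1.1.fc3.4.legacy.x86_64.rpm
b9b9cc2694512827633ecba95b8327b0efb68f40
fedora/3/updates-testing/SRPMS/thunderbird-1.0.8-1.1.fc3.4.legacy.src.rpm
"""
SHA1_RE = re.compile(r"[0-9a-f]{40}")

def parse_sums(text):
    """Return [(sha1, relative_path)]; reject anything that is not digest/path pairs."""
    tokens = text.split()  # wrapped and one-line entries tokenise the same way
    pairs = list(zip(tokens[0::2], tokens[1::2]))
    if len(tokens) % 2 or any(
            not SHA1_RE.fullmatch(d) or SHA1_RE.fullmatch(p) for d, p in pairs):
        raise ValueError("expected alternating SHA-1 digest and path")
    return pairs

def sha1_of(path):
    """Stream the file so large packages are not read into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def verify(text, mirror_root):
    """Map each listed path to 'ok', 'MISMATCH' or 'missing'."""
    results = {}
    for digest, rel in parse_sums(text):
        local = Path(mirror_root) / rel
        if not local.is_file():
            results[rel] = "missing"
        else:
            results[rel] = "ok" if sha1_of(local) == digest else "MISMATCH"
    return results

if __name__ == "__main__":
    report = verify(ADVISORY_SUMS, sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel, status in report.items():
        print(f"{status:8} {rel}")
    sys.exit(any(s != "ok" for s in report.values()))  # non-zero unless all match
```

A matching SHA-1 only shows that a file is the one this message lists; the message's OpenPGP signature is what ties the list to its sender.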
