LWN.net Logo

rPath alert rPSA-2006-0138-1 (thunderbird)

From:  "Justin M. Forbes" <jmforbes@rpath.com>
To:  security-announce@lists.rpath.com, update-announce@lists.rpath.com
Subject:  rPSA-2006-0138-1 thunderbird
Date:  Thu, 27 Jul 2006 17:03:44 -0400
Cc:  full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, lwn@lwn.net

rPath Security Advisory: 2006-0138-1 Published: 2006-07-27 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: User Deterministic Vulnerability Updated Versions: thunderbird=/conary.rpath.com@rpl:devel//1/1.5.0.5-1-0.1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... https://issues.rpath.com/browse/RPL-537 http://www.mozilla.org/security/announce/2006/mfsa2006-44... http://www.mozilla.org/security/announce/2006/mfsa2006-46... http://www.mozilla.org/security/announce/2006/mfsa2006-47... http://www.mozilla.org/security/announce/2006/mfsa2006-48... http://www.mozilla.org/security/announce/2006/mfsa2006-49... http://www.mozilla.org/security/announce/2006/mfsa2006-50... http://www.mozilla.org/security/announce/2006/mfsa2006-51... http://www.mozilla.org/security/announce/2006/mfsa2006-52... http://www.mozilla.org/security/announce/2006/mfsa2006-53... http://www.mozilla.org/security/announce/2006/mfsa2006-54... http://www.mozilla.org/security/announce/2006/mfsa2006-55... Description: Previous versions of the thunderbird package have multiple vulnerabilities that are resolved in this version. Most of the vulnerabilities are applicable only if Javascript has been enabled for email; the Mozilla Foundation strongly recommends that Javascript always be disabled for email and thunderbird disables Javascript by default. One of the vulnerabilities can cause thunderbird to crash when reading a malformed vCard. The Mozilla Foundation has indicated that it is unlikely that this issue (MFSA-2006-49, CVE-2006-3804) can be used to enable unauthenticated remote access, but warns that similar classes of vulnerabilities have been exploited to enable unauthenticated remote access in the past.


(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds