LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

rPath alert rPSA-2006-0138-1 (thunderbird)



From:
    	      "Justin M. Forbes" <jmforbes@rpath.com>


To:
    	      security-announce@lists.rpath.com, update-announce@lists.rpath.com


Subject:
    	      rPSA-2006-0138-1 thunderbird


Date:
    	      Thu, 27 Jul 2006 17:03:44 -0400


Cc:
    	      full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, lwn@lwn.net


rPath Security Advisory: 2006-0138-1
Published: 2006-07-27
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
    User Deterministic Vulnerability
Updated Versions:
    thunderbird=/conary.rpath.com@rpl:devel//1/1.5.0.5-1-0.1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    https://issues.rpath.com/browse/RPL-537
    http://www.mozilla.org/security/announce/2006/mfsa2006-44...
    http://www.mozilla.org/security/announce/2006/mfsa2006-46...
    http://www.mozilla.org/security/announce/2006/mfsa2006-47...
    http://www.mozilla.org/security/announce/2006/mfsa2006-48...
    http://www.mozilla.org/security/announce/2006/mfsa2006-49...
    http://www.mozilla.org/security/announce/2006/mfsa2006-50...
    http://www.mozilla.org/security/announce/2006/mfsa2006-51...
    http://www.mozilla.org/security/announce/2006/mfsa2006-52...
    http://www.mozilla.org/security/announce/2006/mfsa2006-53...
    http://www.mozilla.org/security/announce/2006/mfsa2006-54...
    http://www.mozilla.org/security/announce/2006/mfsa2006-55...

Description:
    Previous versions of the thunderbird package have multiple
    vulnerabilities that are resolved in this version.  Most of
    the vulnerabilities are applicable only if Javascript has been
    enabled for email; the Mozilla Foundation strongly recommends
    that Javascript always be disabled for email and thunderbird
    disables Javascript by default.  One of the vulnerabilities
    can cause thunderbird to crash when reading a malformed vCard.
    The Mozilla Foundation has indicated that it is unlikely that
    this issue (MFSA-2006-49, CVE-2006-3804) can be used to enable
    unauthenticated remote access, but warns that similar classes
    of vulnerabilities have been exploited to enable unauthenticated
    remote access in the past.
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds