| |||||||||||||
Fedora alert FEDORA-2006-977 (thunderbird)
--------------------------------------------------------------------- Fedora Update Notification FEDORA-2006-977 2006-09-14 --------------------------------------------------------------------- Product : Fedora Core 5 Name : thunderbird Version : 1.5.0.7 Release : 1.fc5 Summary : Mozilla Thunderbird mail/newsgroup client Description : Mozilla Thunderbird is a standalone mail and newsgroup client. --------------------------------------------------------------------- Update Information: Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in the way Thunderbird processed certain regular expressions. A malicious HTML email could cause a crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-4565, CVE-2006-4566) A flaw was found in the Thunderbird auto-update verification system. An attacker who has the ability to spoof a victim's DNS could get Firefox to download and install malicious code. In order to exploit this issue an attacker would also need to get a victim to previously accept an unverifiable certificate. (CVE-2006-4567) A flaw was found in the handling of JavaScript timed events. A malicious HTML email could crash the browser or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-4253) A flaw was found in Thunderbird that triggered when a HTML message contained a remote image pointing to a XBL script. An attacker could have created a carefully crafted message which would execute JavaScript if certain actions were performed on the email by the recipient, even if JavaScript was disabled. (CVE-2006-4570) A number of flaws were found in Thunderbird. A malicious HTML email could cause a crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-4571) Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.7 that corrects these issues. --------------------------------------------------------------------- * Wed Sep 13 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.7-1 - Update to 1.5.0.7 * Tue Aug 8 2006 Kai Engert <kengert@redhat.com> - 1.5.0.5-1.1 - Update to 1.5.0.5 - Use dist tag * Mon Jun 12 2006 Kai Engert <kengert@redhat.com> - 1.5.0.4-1.1.fc5 - Update to 1.5.0.4 - Fix desktop-file-utils requires --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/u... 75f68ca61cdd79d0aa437ed2fefbebefd7987919 SRPMS/thunderbird-1.5.0.7-1.fc5.src.rpm 75f68ca61cdd79d0aa437ed2fefbebefd7987919 noarch/thunderbird-1.5.0.7-1.fc5.src.rpm b7875918e8dc902d18c33ee63c45a2825fd31486 ppc/thunderbird-1.5.0.7-1.fc5.ppc.rpm b4454dfd18a6a6e5761dd649e4f9f49b02874707 ppc/debug/thunderbird-debuginfo-1.5.0.7-1.fc5.ppc.rpm 391cb8656008545923143f01f0375d9e2d7cedd4 x86_64/debug/thunderbird-debuginfo-1.5.0.7-1.fc5.x86_64.rpm f767cc6c205797572270b6e016cdb8bc0660e969 x86_64/thunderbird-1.5.0.7-1.fc5.x86_64.rpm f8ad379e17361ae43287e71a7cf7a287bdaae951 i386/debug/thunderbird-debuginfo-1.5.0.7-1.fc5.i386.rpm 18c9bd387ec2f0083d4215af084664de1e5e8f7b i386/thunderbird-1.5.0.7-1.fc5.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. --------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann... (Log in to post comments)
|
|||||||||||||