LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mageia alert MGASA-2012-0246 (mozilla-thunderbird)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2012-0246:
 mozilla-thunderbird-10.0.7-1.mga1, mozilla-thunderbird-l10n-10.0.7-1.mga1
 (1/core), thunderbird-10.0.7-1.mga2, thunderbird-l10n-10.0.7-1.mga2
 (2/core) 


Date:
    	      Thu, 30 Aug 2012 11:24:33 +0200


Message-ID:
    	      <20120830092433.GA29767@valstar.mageia.org>


Archive-link:
    	      Article, Thread
              


MGASA-2012-0246
Date: 	August 30th, 2012
Affected releases: 	1, 2


Description:
Updated mozilla-thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird (CVE-2012-1970,
CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976,
CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960,
CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964).

Content containing a malicious Scalable Vector Graphics (SVG) image file
could cause Thunderbird to crash or, potentially, execute arbitrary code
with the privileges of the user running Thunderbird (CVE-2012-3969,
(CVE-2012-3970).

Two flaws were found in the way Thunderbird rendered certain images using
WebGL. Malicious content could cause Thunderbird to crash or, under certain
conditions, possibly execute arbitrary code with the privileges of the user
running Thunderbird (CVE-2012-3967, CVE-2012-3968).

A flaw was found in the way Thunderbird decoded embedded bitmap images in
Icon Format (ICO) files. Content containing a malicious ICO file could
cause Thunderbird to crash or, under certain conditions, possibly execute
arbitrary code with the privileges of the user running Thunderbird
(CVE-2012-3966).

A flaw was found in the way the "eval" command was handled by the
Thunderbird Error Console. Running "eval" in the Error Console while
viewing malicious content could possibly cause Thunderbird to execute
arbitrary code with the privileges of the user running Thunderbird
(CVE-2012-3980).

An out-of-bounds memory read flaw was found in the way Thunderbird used
the format-number feature of XSLT (Extensible Stylesheet Language
Transformations). Malicious content could possibly cause an information
leak, or cause Thunderbird to crash (CVE-2012-3972).

A flaw was found in the location object implementation in Thunderbird.
Malicious content could use this flaw to possibly allow restricted
content to be loaded (CVE-2012-3978).


Updated Packages:
Mageia 1:
mozilla-thunderbird-10.0.7-1.mga1
mozilla-thunderbird-enigmail-10.0.7-1.mga1
mozilla-thunderbird-enigmail-ar-10.0.7-1.mga1
mozilla-thunderbird-enigmail-ca-10.0.7-1.mga1
mozilla-thunderbird-enigmail-cs-10.0.7-1.mga1
mozilla-thunderbird-enigmail-de-10.0.7-1.mga1
mozilla-thunderbird-enigmail-el-10.0.7-1.mga1
mozilla-thunderbird-enigmail-es-10.0.7-1.mga1
mozilla-thunderbird-enigmail-fi-10.0.7-1.mga1
mozilla-thunderbird-enigmail-fr-10.0.7-1.mga1
mozilla-thunderbird-enigmail-it-10.0.7-1.mga1
mozilla-thunderbird-enigmail-ja-10.0.7-1.mga1
mozilla-thunderbird-enigmail-ko-10.0.7-1.mga1
mozilla-thunderbird-enigmail-nb-10.0.7-1.mga1
mozilla-thunderbird-enigmail-nl-10.0.7-1.mga1
mozilla-thunderbird-enigmail-pl-10.0.7-1.mga1
mozilla-thunderbird-enigmail-pt-10.0.7-1.mga1
mozilla-thunderbird-enigmail-pt_BR-10.0.7-1.mga1
mozilla-thunderbird-enigmail-ru-10.0.7-1.mga1
mozilla-thunderbird-enigmail-sl-10.0.7-1.mga1
mozilla-thunderbird-enigmail-sv-10.0.7-1.mga1
mozilla-thunderbird-enigmail-tr-10.0.7-1.mga1
mozilla-thunderbird-enigmail-vi-10.0.7-1.mga1
mozilla-thunderbird-enigmail-zh_CN-10.0.7-1.mga1
mozilla-thunderbird-enigmail-zh_TW-10.0.7-1.mga1
mozilla-thunderbird-ar-10.0.7-1.mga1
mozilla-thunderbird-be-10.0.7-1.mga1
mozilla-thunderbird-bg-10.0.7-1.mga1
mozilla-thunderbird-bn_BD-10.0.7-1.mga1
mozilla-thunderbird-br-10.0.7-1.mga1
mozilla-thunderbird-ca-10.0.7-1.mga1
mozilla-thunderbird-cs-10.0.7-1.mga1
mozilla-thunderbird-da-10.0.7-1.mga1
mozilla-thunderbird-de-10.0.7-1.mga1
mozilla-thunderbird-el-10.0.7-1.mga1
mozilla-thunderbird-en_GB-10.0.7-1.mga1
mozilla-thunderbird-es_AR-10.0.7-1.mga1
mozilla-thunderbird-es_ES-10.0.7-1.mga1
mozilla-thunderbird-et-10.0.7-1.mga1
mozilla-thunderbird-eu-10.0.7-1.mga1
mozilla-thunderbird-fi-10.0.7-1.mga1
mozilla-thunderbird-fr-10.0.7-1.mga1
mozilla-thunderbird-fy-10.0.7-1.mga1
mozilla-thunderbird-ga-10.0.7-1.mga1
mozilla-thunderbird-gd-10.0.7-1.mga1
mozilla-thunderbird-gl-10.0.7-1.mga1
mozilla-thunderbird-he-10.0.7-1.mga1
mozilla-thunderbird-hu-10.0.7-1.mga1
mozilla-thunderbird-id-10.0.7-1.mga1
mozilla-thunderbird-is-10.0.7-1.mga1
mozilla-thunderbird-it-10.0.7-1.mga1
mozilla-thunderbird-ja-10.0.7-1.mga1
mozilla-thunderbird-ko-10.0.7-1.mga1
mozilla-thunderbird-lt-10.0.7-1.mga1
mozilla-thunderbird-nb_NO-10.0.7-1.mga1
mozilla-thunderbird-nl-10.0.7-1.mga1
mozilla-thunderbird-nn_NO-10.0.7-1.mga1
mozilla-thunderbird-pl-10.0.7-1.mga1
mozilla-thunderbird-pt_BR-10.0.7-1.mga1
mozilla-thunderbird-pt_PT-10.0.7-1.mga1
mozilla-thunderbird-ro-10.0.7-1.mga1
mozilla-thunderbird-ru-10.0.7-1.mga1
mozilla-thunderbird-si-10.0.7-1.mga1
mozilla-thunderbird-sk-10.0.7-1.mga1
mozilla-thunderbird-sl-10.0.7-1.mga1
mozilla-thunderbird-sq-10.0.7-1.mga1
mozilla-thunderbird-sv_SE-10.0.7-1.mga1
mozilla-thunderbird-ta_LK-10.0.7-1.mga1
mozilla-thunderbird-tr-10.0.7-1.mga1
mozilla-thunderbird-uk-10.0.7-1.mga1
mozilla-thunderbird-vi-10.0.7-1.mga1
mozilla-thunderbird-zh_CN-10.0.7-1.mga1
mozilla-thunderbird-zh_TW-10.0.7-1.mga1
nsinstall-10.0.7-1.mga1

Mageia 2:
thunderbird-10.0.7-1.mga2
thunderbird-enigmail-10.0.7-1.mga2
thunderbird-ar-10.0.7-1.mga2
thunderbird-ast-10.0.7-1.mga2
thunderbird-be-10.0.7-1.mga2
thunderbird-bg-10.0.7-1.mga2
thunderbird-bn_BD-10.0.7-1.mga2
thunderbird-br-10.0.7-1.mga2
thunderbird-ca-10.0.7-1.mga2
thunderbird-cs-10.0.7-1.mga2
thunderbird-da-10.0.7-1.mga2
thunderbird-de-10.0.7-1.mga2
thunderbird-el-10.0.7-1.mga2
thunderbird-en_GB-10.0.7-1.mga2
thunderbird-es_AR-10.0.7-1.mga2
thunderbird-es_ES-10.0.7-1.mga2
thunderbird-et-10.0.7-1.mga2
thunderbird-eu-10.0.7-1.mga2
thunderbird-fi-10.0.7-1.mga2
thunderbird-fr-10.0.7-1.mga2
thunderbird-fy-10.0.7-1.mga2
thunderbird-ga-10.0.7-1.mga2
thunderbird-gd-10.0.7-1.mga2
thunderbird-gl-10.0.7-1.mga2
thunderbird-he-10.0.7-1.mga2
thunderbird-hu-10.0.7-1.mga2
thunderbird-id-10.0.7-1.mga2
thunderbird-is-10.0.7-1.mga2
thunderbird-it-10.0.7-1.mga2
thunderbird-ja-10.0.7-1.mga2
thunderbird-ko-10.0.7-1.mga2
thunderbird-lt-10.0.7-1.mga2
thunderbird-nb_NO-10.0.7-1.mga2
thunderbird-nl-10.0.7-1.mga2
thunderbird-nn_NO-10.0.7-1.mga2
thunderbird-pl-10.0.7-1.mga2
thunderbird-pa_IN-10.0.7-1.mga2
thunderbird-pt_BR-10.0.7-1.mga2
thunderbird-pt_PT-10.0.7-1.mga2
thunderbird-ro-10.0.7-1.mga2
thunderbird-ru-10.0.7-1.mga2
thunderbird-si-10.0.7-1.mga2
thunderbird-sk-10.0.7-1.mga2
thunderbird-sl-10.0.7-1.mga2
thunderbird-sq-10.0.7-1.mga2
thunderbird-sv_SE-10.0.7-1.mga2
thunderbird-ta_LK-10.0.7-1.mga2
thunderbird-tr-10.0.7-1.mga2
thunderbird-uk-10.0.7-1.mga2
thunderbird-vi-10.0.7-1.mga2
thunderbird-zh_CN-10.0.7-1.mga2
thunderbird-zh_TW-10.0.7-1.mga2
nsinstall-10.0.7-1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980
http://www.mozilla.org/security/announce/2012/mfsa2012-57...
http://www.mozilla.org/security/announce/2012/mfsa2012-58...
http://www.mozilla.org/security/announce/2012/mfsa2012-61...
http://www.mozilla.org/security/announce/2012/mfsa2012-62...
http://www.mozilla.org/security/announce/2012/mfsa2012-63...
http://www.mozilla.org/security/announce/2012/mfsa2012-65...
http://www.mozilla.org/security/announce/2012/mfsa2012-70...
http://www.mozilla.org/security/announce/2012/mfsa2012-72...
https://rhn.redhat.com/errata/RHSA-2012-1211.html
https://bugs.mageia.org/show_bug.cgi?id=7210
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds