LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Scientific Linux alert SL-thun-20121015 (thunderbird)



From:
    	      Connie Sieh <csieh@fnal.gov> 


To:
    	      scientific <scientific-linux-errata@fnal.gov> 


Subject:
    	      Security ERRATA Critical: thunderbird on SL5.x, SL6.x i386/x86_64 


Date:
    	      Mon, 15 Oct 2012 16:33:53 -0500


Message-ID:
    	      <alpine.LRH.2.02.1210151633240.18386@dhcp-131-225-22-38.dhcp.fnal.gov>


Archive-link:
    	      Article, Thread
              


Synopsis:          Critical: thunderbird security update
Issue Date:        2012-10-12
CVE Numbers:       CVE-2012-4193
--

A flaw was found in the way Thunderbird handled security wrappers.
Malicious content could cause Thunderbird to execute arbitrary code with
the privileges of the user running Thunderbird. (CVE-2012-4193)

This issue cannot be exploited by a specially-crafted HTML mail
message as JavaScript is disabled by default for mail messages. It could be
exploited another way in Thunderbird, for example, when viewing the full
remote content of an RSS feed.

After installing the update, Thunderbird must be restarted for the changes to
take effect.
--

SL5
   x86_64
     thunderbird-10.0.8-2.el5_8.x86_64.rpm
   i386
     thunderbird-10.0.8-2.el5_8.i386.rpm
SL6
   x86_64
     thunderbird-10.0.8-2.el6_3.x86_64.rpm
   i386
     thunderbird-10.0.8-2.el6_3.i686.rpm

- Scientific Linux Development Team
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds