LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Multipath TCP: an overview

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mageia alert MGASA-2013-0109 (thunderbird)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2013-0109: thunderbird-17.0.5-1.mga2
 (2/core) 


Date:
    	      Thu, 4 Apr 2013 23:35:13 +0200


Message-ID:
    	      <20130404213513.GA9159@valstar.mageia.org>


Archive-link:
    	      Article, Thread
              


MGASA-2013-0109
Date: 	April 4th, 2013
Affected releases: 	2
Media: 	Core


Description:
Updated thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed content.
Malicious content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running
Thunderbird (CVE-2013-0788).

A flaw was found in the way Same Origin Wrappers were implemented in
Thunderbird. Malicious content could use this flaw to bypass the
same-origin policy and execute arbitrary code with the privileges of the
user running Thunderbird (CVE-2013-0795).

A flaw was found in the embedded WebGL library in Thunderbird. Malicious
content could cause Thunderbird to crash or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
Note: This issue only affected systems using the Intel Mesa graphics
drivers (CVE-2013-0796).

An out-of-bounds write flaw was found in the embedded Cairo library in
Thunderbird. Malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user
running Thunderbird (CVE-2013-0800).

A flaw was found in the way Thunderbird handled the JavaScript history
functions. Malicious content could cause a page to be displayed that
has a baseURI pointing to a different site, allowing cross-site
scripting (XSS) and phishing attacks (CVE-2013-0793).


Updated Packages:
i586:
nsinstall-17.0.5-1.mga2.i586.rpm
thunderbird-17.0.5-1.mga2.i586.rpm
thunderbird-enigmail-17.0.5-1.mga2.i586.rpm
thunderbird-debug-17.0.5-1.mga2.i586.rpm
thunderbird-ar-17.0.5-1.mga2.noarch.rpm
thunderbird-ast-17.0.5-1.mga2.noarch.rpm
thunderbird-be-17.0.5-1.mga2.noarch.rpm
thunderbird-bg-17.0.5-1.mga2.noarch.rpm
thunderbird-bn_BD-17.0.5-1.mga2.noarch.rpm
thunderbird-br-17.0.5-1.mga2.noarch.rpm
thunderbird-ca-17.0.5-1.mga2.noarch.rpm
thunderbird-cs-17.0.5-1.mga2.noarch.rpm
thunderbird-da-17.0.5-1.mga2.noarch.rpm
thunderbird-de-17.0.5-1.mga2.noarch.rpm
thunderbird-el-17.0.5-1.mga2.noarch.rpm
thunderbird-en_GB-17.0.5-1.mga2.noarch.rpm
thunderbird-es_AR-17.0.5-1.mga2.noarch.rpm
thunderbird-es_ES-17.0.5-1.mga2.noarch.rpm
thunderbird-et-17.0.5-1.mga2.noarch.rpm
thunderbird-eu-17.0.5-1.mga2.noarch.rpm
thunderbird-fi-17.0.5-1.mga2.noarch.rpm
thunderbird-fr-17.0.5-1.mga2.noarch.rpm
thunderbird-fy-17.0.5-1.mga2.noarch.rpm
thunderbird-ga-17.0.5-1.mga2.noarch.rpm
thunderbird-gd-17.0.5-1.mga2.noarch.rpm
thunderbird-gl-17.0.5-1.mga2.noarch.rpm
thunderbird-he-17.0.5-1.mga2.noarch.rpm
thunderbird-hu-17.0.5-1.mga2.noarch.rpm
thunderbird-id-17.0.5-1.mga2.noarch.rpm
thunderbird-is-17.0.5-1.mga2.noarch.rpm
thunderbird-it-17.0.5-1.mga2.noarch.rpm
thunderbird-ja-17.0.5-1.mga2.noarch.rpm
thunderbird-ko-17.0.5-1.mga2.noarch.rpm
thunderbird-lt-17.0.5-1.mga2.noarch.rpm
thunderbird-nb_NO-17.0.5-1.mga2.noarch.rpm
thunderbird-nl-17.0.5-1.mga2.noarch.rpm
thunderbird-nn_NO-17.0.5-1.mga2.noarch.rpm
thunderbird-pa_IN-17.0.5-1.mga2.noarch.rpm
thunderbird-pl-17.0.5-1.mga2.noarch.rpm
thunderbird-pt_BR-17.0.5-1.mga2.noarch.rpm
thunderbird-pt_PT-17.0.5-1.mga2.noarch.rpm
thunderbird-ro-17.0.5-1.mga2.noarch.rpm
thunderbird-ru-17.0.5-1.mga2.noarch.rpm
thunderbird-si-17.0.5-1.mga2.noarch.rpm
thunderbird-sk-17.0.5-1.mga2.noarch.rpm
thunderbird-sl-17.0.5-1.mga2.noarch.rpm
thunderbird-sq-17.0.5-1.mga2.noarch.rpm
thunderbird-sv_SE-17.0.5-1.mga2.noarch.rpm
thunderbird-ta_LK-17.0.5-1.mga2.noarch.rpm
thunderbird-tr-17.0.5-1.mga2.noarch.rpm
thunderbird-uk-17.0.5-1.mga2.noarch.rpm
thunderbird-vi-17.0.5-1.mga2.noarch.rpm
thunderbird-zh_CN-17.0.5-1.mga2.noarch.rpm
thunderbird-zh_TW-17.0.5-1.mga2.noarch.rpm

x86_64:
nsinstall-17.0.5-1.mga2.x86_64.rpm
thunderbird-17.0.5-1.mga2.x86_64.rpm
thunderbird-enigmail-17.0.5-1.mga2.x86_64.rpm
thunderbird-debug-17.0.5-1.mga2.x86_64.rpm
thunderbird-ar-17.0.5-1.mga2.noarch.rpm
thunderbird-ast-17.0.5-1.mga2.noarch.rpm
thunderbird-be-17.0.5-1.mga2.noarch.rpm
thunderbird-bg-17.0.5-1.mga2.noarch.rpm
thunderbird-bn_BD-17.0.5-1.mga2.noarch.rpm
thunderbird-br-17.0.5-1.mga2.noarch.rpm
thunderbird-ca-17.0.5-1.mga2.noarch.rpm
thunderbird-cs-17.0.5-1.mga2.noarch.rpm
thunderbird-da-17.0.5-1.mga2.noarch.rpm
thunderbird-de-17.0.5-1.mga2.noarch.rpm
thunderbird-el-17.0.5-1.mga2.noarch.rpm
thunderbird-en_GB-17.0.5-1.mga2.noarch.rpm
thunderbird-es_AR-17.0.5-1.mga2.noarch.rpm
thunderbird-es_ES-17.0.5-1.mga2.noarch.rpm
thunderbird-et-17.0.5-1.mga2.noarch.rpm
thunderbird-eu-17.0.5-1.mga2.noarch.rpm
thunderbird-fi-17.0.5-1.mga2.noarch.rpm
thunderbird-fr-17.0.5-1.mga2.noarch.rpm
thunderbird-fy-17.0.5-1.mga2.noarch.rpm
thunderbird-ga-17.0.5-1.mga2.noarch.rpm
thunderbird-gd-17.0.5-1.mga2.noarch.rpm
thunderbird-gl-17.0.5-1.mga2.noarch.rpm
thunderbird-he-17.0.5-1.mga2.noarch.rpm
thunderbird-hu-17.0.5-1.mga2.noarch.rpm
thunderbird-id-17.0.5-1.mga2.noarch.rpm
thunderbird-is-17.0.5-1.mga2.noarch.rpm
thunderbird-it-17.0.5-1.mga2.noarch.rpm
thunderbird-ja-17.0.5-1.mga2.noarch.rpm
thunderbird-ko-17.0.5-1.mga2.noarch.rpm
thunderbird-lt-17.0.5-1.mga2.noarch.rpm
thunderbird-nb_NO-17.0.5-1.mga2.noarch.rpm
thunderbird-nl-17.0.5-1.mga2.noarch.rpm
thunderbird-nn_NO-17.0.5-1.mga2.noarch.rpm
thunderbird-pa_IN-17.0.5-1.mga2.noarch.rpm
thunderbird-pl-17.0.5-1.mga2.noarch.rpm
thunderbird-pt_BR-17.0.5-1.mga2.noarch.rpm
thunderbird-pt_PT-17.0.5-1.mga2.noarch.rpm
thunderbird-ro-17.0.5-1.mga2.noarch.rpm
thunderbird-ru-17.0.5-1.mga2.noarch.rpm
thunderbird-si-17.0.5-1.mga2.noarch.rpm
thunderbird-sk-17.0.5-1.mga2.noarch.rpm
thunderbird-sl-17.0.5-1.mga2.noarch.rpm
thunderbird-sq-17.0.5-1.mga2.noarch.rpm
thunderbird-sv_SE-17.0.5-1.mga2.noarch.rpm
thunderbird-ta_LK-17.0.5-1.mga2.noarch.rpm
thunderbird-tr-17.0.5-1.mga2.noarch.rpm
thunderbird-uk-17.0.5-1.mga2.noarch.rpm
thunderbird-vi-17.0.5-1.mga2.noarch.rpm
thunderbird-zh_CN-17.0.5-1.mga2.noarch.rpm
thunderbird-zh_TW-17.0.5-1.mga2.noarch.rpm

SRPMS:
thunderbird-17.0.5-1.mga2.src.rpm
thunderbird-l10n-17.0.5-1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800

http://www.mozilla.org/security/announce/2013/mfsa2013-30...
http://www.mozilla.org/security/announce/2013/mfsa2013-31...
http://www.mozilla.org/security/announce/2013/mfsa2013-35...
http://www.mozilla.org/security/announce/2013/mfsa2013-36...
http://www.mozilla.org/security/announce/2013/mfsa2013-38...
http://www.mozilla.org/security/known-vulnerabilities/thu...
https://rhn.redhat.com/errata/RHSA-2013-0697.html

https://bugs.mageia.org/show_bug.cgi?id=9599

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds