|
|
Subscribe / Log in / New account

Pardus alert 2010-102 (thunderbird)



From:
    	      Eren Turkay <eren@pardus.org.tr> 


To:
    	      pardus-security@pardus.org.tr 


Subject:
    	      [Pardus-security] [PLSA 2010-102] Thunderbird: Multiple
	Vulnerabilities 


Date:
    	      Mon,  2 Aug 2010 09:40:28 +0300 (EEST)


Message-ID:
    	      <20100802064028.72CC2A7ABB4@lider.pardus.org.tr>



------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-102           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-08-02
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple Vulnerabilities have been fixed in Thunderbird. 


Description
===========

Accordingly to Mozilla, the following vulnerabilities have been  fixed. 
Detailed information can be gathered at Mozilla Security Announce page. 



MFSA 2010-47 Cross-origin data leakage from script  filename  in  error 
messages 

MFSA 2010-46 Cross-domain data theft using CSS 

MFSA 2010-44 Characters mapped to  U+FFFD  in  8  bit  encodings  cause 
subsequent character to vanish 

MFSA 2010-43 Same-origin bypass using canvas context 

MFSA  2010-42 Cross-origin  data  disclosure  via  Web   Workers   and  
importScripts 

MFSA 2010-41 Remote code execution using malformed PNG image 

MFSA 2010-40 nsTreeSelection dangling  pointer  remote  code  execution 
vulnerability 

MFSA 2010-39 nsCSSValue::Array index integer overflow 

MFSA 2010-38 Arbitrary  code  execution  using  SJOW  and  fast  native 
function 

MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11) 


Affected packages:

  Pardus 2009:
    thunderbird, all before 3.1.1-54-11


Resolution
==========

There are update(s) for thunderbird. You can update  them  via  Package 
Manager or with a single command from console: 

    pisi up thunderbird

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=13839
  * http://www.mozilla.org/security/announce/

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds