[SECURITY] Fedora Core 5 Update: thunderbird-1.5.0.7-1.fc5

Christopher Aillon caillon at redhat.com
Fri Sep 15 01:48:41 UTC 2006


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-977
2006-09-14
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : thunderbird
Version     : 1.5.0.7
Release     : 1.fc5
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

---------------------------------------------------------------------
Update Information:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Two flaws were found in the way Thunderbird processed
certain regular expressions. A malicious HTML email could
cause a crash or possibly execute arbitrary code as the user
running Thunderbird. (CVE-2006-4565, CVE-2006-4566)

A flaw was found in the Thunderbird auto-update verification
system. An attacker who has the ability to spoof a victim's
DNS could get Firefox to download and install malicious
code. In order to exploit this issue an attacker would also
need to get a victim to previously accept an unverifiable
certificate. (CVE-2006-4567)

A flaw was found in the handling of JavaScript timed events.
A malicious HTML email could crash the browser or possibly
execute arbitrary code as the user running Thunderbird.
(CVE-2006-4253)

A flaw was found in Thunderbird that triggered when an HTML
message contained a remote image pointing to an XBL script.
An attacker could have created a carefully crafted message
which would execute JavaScript if certain actions were
performed on the email by the recipient, even if JavaScript
was disabled. (CVE-2006-4570)

A number of flaws were found in Thunderbird. A malicious
HTML email could cause a crash or possibly execute arbitrary
code as the user running Thunderbird. (CVE-2006-4571)

Users of Thunderbird are advised to upgrade to this update,
which contains Thunderbird version 1.5.0.7 that corrects
these issues.
---------------------------------------------------------------------
* Wed Sep 13 2006 Christopher Aillon <caillon at redhat.com> - 1.5.0.7-1
- Update to 1.5.0.7
* Tue Aug  8 2006 Kai Engert <kengert at redhat.com> - 1.5.0.5-1.1
- Update to 1.5.0.5
- Use dist tag
* Mon Jun 12 2006 Kai Engert <kengert at redhat.com> - 1.5.0.4-1.1.fc5
- Update to 1.5.0.4
- Fix desktop-file-utils requires

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
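An added example, not part of the Fedora announcement: a Python check that flags hosts whose installed thunderbird build is older than the fixed 1.5.0.7-1.fc5. The host names and inventory lines are constructed, and the comparison is a simplified form of RPM's version ordering that assumes no epoch and no '~' or '^' modifiers.

```python
import re

# Fixed build named in the advisory: thunderbird-1.5.0.7-1.fc5
FIXED_VERSION, FIXED_RELEASE = "1.5.0.7", "1.fc5"

def rpmvercmp(a, b):
    """Simplified RPM segment comparison: returns -1, 0 or 1.
    Assumption: no epoch and no '~' or '^' modifiers in the strings."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # compare numerically, so 10 > 7
        elif x.isdigit():
            return 1                       # numeric segment beats alphabetic
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with extra segments is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_unpatched(nvr):
    """True if a 'name-version-release' string is thunderbird older than the fix."""
    name, version, release = nvr.rsplit("-", 2)
    if name != "thunderbird":
        return False
    order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return order < 0

def unpatched_hosts(inventory):
    """inventory: lines of '<host> <name-version-release>'."""
    hosts = []
    for line in inventory.strip().splitlines():
        host, nvr = line.split()
        if is_unpatched(nvr):
            hosts.append(host)
    return hosts

# Constructed inventory (hypothetical hosts), in the format produced by
# rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' <package>
SAMPLE = """
ws01 thunderbird-1.5.0.4-1.1.fc5
ws02 thunderbird-1.5.0.5-1.1.fc5
ws03 thunderbird-1.5.0.7-1.fc5
ws04 thunderbird-1.5.0.10-1.fc5
ws05 mutt-1.4.2.1-6.2.1
"""

if __name__ == "__main__":
    print(unpatched_hosts(SAMPLE))
```

A plain string comparison would wrongly rank 1.5.0.10 below 1.5.0.7; the segment-wise numeric comparison avoids that.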



