Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2008:0105
HistoryFeb 08, 2008 - 7:19 p.m.

thunderbird security update

2008-02-0819:19:22
CentOS Project
lists.centos.org
62

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.316 Low

EPSS

Percentile

96.9%

JSON

CentOS Errata and Security Advisory CESA-2008:0105

Mozilla Thunderbird is a standalone mail and newsgroup client.

A heap-based buffer overflow flaw was found in the way Thunderbird
processed messages with external-body Multipurpose Internet Message
Extensions (MIME) types. A HTML mail message containing malicious content
could cause Thunderbird to execute arbitrary code as the user running
Thunderbird. (CVE-2008-0304)

Several flaws were found in the way Thunderbird processed certain malformed
HTML mail content. A HTML mail message containing malicious content could
cause Thunderbird to crash, or potentially execute arbitrary code as the
user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,
CVE-2008-0419)

Several flaws were found in the way Thunderbird displayed malformed HTML
mail content. A HTML mail message containing specially-crafted content
could trick a user into surrendering sensitive information. (CVE-2008-0420,
CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way Thunderbird handles certain chrome URLs. If a
user has certain extensions installed, it could allow a malicious HTML mail
message to steal sensitive session data. Note: this flaw does not affect a
default installation of Thunderbird. (CVE-2008-0418)

Note: JavaScript support is disabled by default in Thunderbird; the above
issues are not exploitable unless JavaScript is enabled.

A flaw was found in the way Thunderbird saves certain text files. If a
remote site offers a file of type “plain/text”, rather than “text/plain”,
Thunderbird will not show future “text/plain” content to the user, forcing
them to save those files locally to view the content. (CVE-2008-0592)

Users of thunderbird are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-February/076827.html
https://lists.centos.org/pipermail/centos-announce/2008-February/076828.html
https://lists.centos.org/pipermail/centos-announce/2008-February/076833.html
https://lists.centos.org/pipermail/centos-announce/2008-February/076834.html
https://lists.centos.org/pipermail/centos-announce/2008-February/076838.html
https://lists.centos.org/pipermail/centos-announce/2008-February/076845.html

Affected packages:
thunderbird

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0105

Related

nessus 33
openvas 117
redhat 3
fedora 29
oraclelinux 3
ubuntu 3
centos 3
osv 2
slackware 1
freebsd 1
suse 1
debian 2
securityvulns 1
nessus
nessus
Oracle Linux 4 : thunderbird (ELSA-2008-0105)
2013-07-12 00:00:00
RHEL 4 / 5 : thunderbird (RHSA-2008:0105)
2008-02-11 00:00:00
CentOS 4 / 5 : thunderbird (CESA-2008:0105)
2008-02-11 00:00:00
openvas
openvas
Fedora Update for thunderbird FEDORA-2008-2118
2009-02-16 00:00:00
RedHat Update for thunderbird RHSA-2008:0105-02
2009-03-06 00:00:00
Fedora Update for thunderbird FEDORA-2008-2060
2009-02-16 00:00:00
redhat
redhat
(RHSA-2008:0105) Critical: thunderbird security update
2008-02-07 00:00:00
(RHSA-2008:0104) Critical: seamonkey security update
2008-02-07 00:00:00
(RHSA-2008:0103) Critical: firefox security update
2008-02-07 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: thunderbird-2.0.0.12-1.fc8
2008-02-28 21:38:54
[SECURITY] Fedora 7 Update: thunderbird-2.0.0.12-1.fc7
2008-02-28 21:46:05
[SECURITY] Fedora 7 Update: seamonkey-1.1.8-1.fc7
2008-02-13 15:10:50
oraclelinux
oraclelinux
Moderate: thunderbird security update
2008-02-08 00:00:00
Critical: seamonkey security update
2008-02-08 00:00:00
Critical: firefox security update
2008-02-08 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2008-02-29 00:00:00
Thunderbird regression
2008-03-06 00:00:00
Firefox vulnerabilities
2008-02-08 00:00:00
centos
centos
seamonkey security update
2008-02-11 00:20:26
seamonkey security update
2008-02-08 19:04:30
firefox security update
2008-02-08 19:18:05
osv
osv
icedove - several vulnerabilities
2008-02-10 00:00:00
xulrunner - several vulnerabilities
2008-02-10 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2008-03-01 23:36:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2008-02-07 00:00:00
suse
suse
remote code execution in MozillaFirefox,seamonkey
2008-02-15 17:07:07
debian
debian
[SECURITY] [DSA 1506-1] New iceape packages fix several vulnerabilities
2008-02-24 12:30:41
[SECURITY] [DSA 1506-2] New iceape packages fix regression
2008-03-20 01:41:06
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulonerabilities
2008-02-11 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.316 Low

EPSS

Percentile

96.9%

JSON
Related for CESA-2008:0105
nessus33openvas117redhat3fedora29oraclelinux3ubuntu3centos3osv2slackware1freebsd1suse1debian2securityvulns1