6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.832 High
EPSS
Percentile
98.4%
CentOS Errata and Security Advisory CESA-2012:0140
Mozilla Thunderbird is a standalone mail and newsgroup client.
A heap-based buffer overflow flaw was found in the way Thunderbird handled
PNG (Portable Network Graphics) images. An HTML mail message or remote
content containing a specially-crafted PNG image could cause Thunderbird to
crash or, possibly, execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2011-3026)
All Thunderbird users should upgrade to this updated package, which
corrects this issue. After installing the update, Thunderbird must be
restarted for the changes to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2012-February/080606.html
Affected packages:
thunderbird
Upstream details at:
https://access.redhat.com/errata/RHSA-2012:0140
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | thunderbird | < 3.1.18-2.el6.centos | thunderbird-3.1.18-2.el6.centos.i686.rpm |
CentOS | 6 | x86_64 | thunderbird | < 3.1.18-2.el6.centos | thunderbird-3.1.18-2.el6.centos.x86_64.rpm |