mozilla-thunderbird

Several security related problems have been discovered in Mozilla and
derived products such as Mozilla Thunderbird. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:

• CVE-2006-2788
  Fernando Ribeiro discovered that a vulnerability in the getRawDER
  function allows remote attackers to cause a denial of service
  (hang) and possibly execute arbitrary code.
• CVE-2006-4340
  Daniel Bleichenbacher recently described an implementation error
  in RSA signature verification that cause the application to
  incorrectly trust SSL certificates.
• CVE-2006-4565, CVE-2006-4566
  Priit Laes reported that a JavaScript regular expression can
  trigger a heap-based buffer overflow which allows remote attackers
  to cause a denial of service and possibly execute arbitrary code.
• CVE-2006-4568
  A vulnerability has been discovered that allows remote attackers
  to bypass the security model and inject content into the sub-frame
  of another site.
• CVE-2006-4570
  Georgi Guninski demonstrated that even with JavaScript disabled in
  mail (the default) an attacker can still execute JavaScript when a
  mail message is viewed, replied to, or forwarded.
• CVE-2006-4571
  Multiple unspecified vulnerabilities in Firefox, Thunderbird and
  SeaMonkey allow remote attackers to cause a denial of service,
  corrupt memory, and possibly execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-2.sarge1.0.8c.1.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.0.7-1.

We recommend that you upgrade your Mozilla Thunderbird packages.