(RHSA-2009:0258) Moderate: thunderbird security update

2009-03-2400:00:00

access.redhat.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.451 Medium

EPSS

Percentile

97.0%

JSON

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774,
CVE-2009-0775)

Several flaws were found in the way malformed content was processed. An
HTML mail message containing specially-crafted content could potentially
trick a Thunderbird user into surrendering sensitive information.
(CVE-2009-0355, CVE-2009-0776)

Note: JavaScript support is disabled by default in Thunderbird. None of
the above issues are exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat5i386thunderbird< 2.0.0.21-1.el5thunderbird-2.0.0.21-1.el5.i386.rpm
RedHat4ia64thunderbird< 1.5.0.12-19.el4thunderbird-1.5.0.12-19.el4.ia64.rpm
RedHat4s390thunderbird< 1.5.0.12-19.el4thunderbird-1.5.0.12-19.el4.s390.rpm
RedHat4i386thunderbird< 1.5.0.12-19.el4thunderbird-1.5.0.12-19.el4.i386.rpm
RedHat4s390xthunderbird< 1.5.0.12-19.el4thunderbird-1.5.0.12-19.el4.s390x.rpm
RedHat5srcthunderbird< 2.0.0.21-1.el5thunderbird-2.0.0.21-1.el5.src.rpm
RedHat4ppcthunderbird< 1.5.0.12-19.el4thunderbird-1.5.0.12-19.el4.ppc.rpm
RedHat5x86_64thunderbird< 2.0.0.21-1.el5thunderbird-2.0.0.21-1.el5.x86_64.rpm
RedHat4x86_64thunderbird< 1.5.0.12-19.el4thunderbird-1.5.0.12-19.el4.x86_64.rpm
RedHat4srcthunderbird< 1.5.0.12-19.el4thunderbird-1.5.0.12-19.el4.src.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	5	i386	thunderbird	< 2.0.0.21-1.el5	thunderbird-2.0.0.21-1.el5.i386.rpm
RedHat	4	ia64	thunderbird	< 1.5.0.12-19.el4	thunderbird-1.5.0.12-19.el4.ia64.rpm
RedHat	4	s390	thunderbird	< 1.5.0.12-19.el4	thunderbird-1.5.0.12-19.el4.s390.rpm
RedHat	4	i386	thunderbird	< 1.5.0.12-19.el4	thunderbird-1.5.0.12-19.el4.i386.rpm
RedHat	4	s390x	thunderbird	< 1.5.0.12-19.el4	thunderbird-1.5.0.12-19.el4.s390x.rpm
RedHat	5	src	thunderbird	< 2.0.0.21-1.el5	thunderbird-2.0.0.21-1.el5.src.rpm
RedHat	4	ppc	thunderbird	< 1.5.0.12-19.el4	thunderbird-1.5.0.12-19.el4.ppc.rpm
RedHat	5	x86_64	thunderbird	< 2.0.0.21-1.el5	thunderbird-2.0.0.21-1.el5.x86_64.rpm
RedHat	4	x86_64	thunderbird	< 1.5.0.12-19.el4	thunderbird-1.5.0.12-19.el4.x86_64.rpm
RedHat	4	src	thunderbird	< 1.5.0.12-19.el4	thunderbird-1.5.0.12-19.el4.src.rpm