Solution
Please Install the Updated Packages.
Insight
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)
Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially-crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)
A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418)
Note: JavaScript support is disabled by default in Thunderbird the above
issues are not exploitable unless JavaScript is enabled.
A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type "
plain/text"
, rather than "
text/plain"
,
Thunderbird will not show future "
text/plain"
content to the user, forcing
them to save those files locally to view the content. (CVE-2008-0592)
Users of thunderbird are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
Affected
thunderbird on CentOS 4
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities