Fedora Core 4 Update: thunderbird-1.0.6-1.1.fc4
Posted by Philipp Esselbach on: 07/21/2005 03:49 AM
A Thunderbird update has been released for Fedora Core 4.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-606
2005-07-20
---------------------------------------------------------------------
Product : Fedora Core 4
Name : thunderbird
Version : 1.0.6
Release : 1.1.fc4
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
---------------------------------------------------------------------
Update Information:
Mozilla Thunderbird is a standalone mail and newsgroup client.
A bug was found in the way Thunderbird handled anonymous functions during regular expression string replacement. It is possible for a malicious HTML mail to capture a random block of client memory. The Common Vulnerabilities and Exposures project has assigned this bug the name CAN-2005-0989.
A bug was found in the way Thunderbird validated several XPInstall related JavaScript objects. A malicious HTML mail could pass other objects to the XPInstall objects, resulting in the JavaScript interpreter jumping to arbitrary locations in memory. (CAN-2005-1159)
A bug was found in the way the Thunderbird privileged UI code handled DOM nodes from the content window. An HTML message could install malicious JavaScript code or steal data when a user performs commonplace actions such as clicking a link or opening the context menu. (CAN-2005-1160)
A bug was found in the way Thunderbird executed JavaScript code. JavaScript executed from HTML mail should run with a restricted access level, preventing dangerous actions. It is possible that a malicious HTML mail could execute JavaScript code with elevated privileges, allowing access to protected data and functions. (CAN-2005-1532)
A bug was found in the way Thunderbird executed JavaScript in XBL controls. It is possible for a malicious HTML mail to leverage this vulnerability to execute other JavaScript based attacks even when JavaScript is disabled. (CAN-2005-2261)
A bug was found in the way Thunderbird handled certain JavaScript functions. It is possible for a malicious HTML mail to crash the client by executing malformed JavaScript code. (CAN-2005-2265)
A bug was found in the way Thunderbird handled child frames. It is possible for a malicious framed HTML mail to steal sensitive information from its parent frame. (CAN-2005-2266)
A bug was found in the way Thunderbird handled DOM node names. It is possible for a malicious HTML mail to overwrite a DOM node name, allowing certain privileged chrome actions to execute the malicious JavaScript. (CAN-2005-2269)
A bug was found in the way Thunderbird cloned base objects. It is possible for HTML content to navigate up the prototype chain to gain access to privileged chrome objects. (CAN-2005-2270)
Users of Thunderbird are advised to upgrade to this updated package that contains Thunderbird version 1.0.6 and is not vulnerable to these issues.
---------------------------------------------------------------------
* Wed Jul 20 2005 Christopher Aillon <caillon@redhat.com> 1.0.6-1.1.fc4
- Update to 1.0.6
* Mon Jul 18 2005 Christopher Aillon <caillon@redhat.com> 1.0.6-0.1.fc4
- 1.0.6 Release Candidate
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
51f614a0a887ffb58ce6bbf4f4eb7431 SRPMS/thunderbird-1.0.6-1.1.fc4.src.rpm
fc206b1fd0dccb15da66b2fe3b272175 ppc/thunderbird-1.0.6-1.1.fc4.ppc.rpm
0b94083b2f2415f84069e30c20742ec1 ppc/debug/thunderbird-debuginfo-1.0.6-1.1.fc4.ppc.rpm
38da7902f6e1bcfc45ef688e04a770e8 x86_64/thunderbird-1.0.6-1.1.fc4.x86_64.rpm
1a6bbee24e0559176e19ba1218d91e02 x86_64/debug/thunderbird-debuginfo-1.0.6-1.1.fc4.x86_64.rpm
f858562b2d77180acb6d40022fe1c3cd i386/thunderbird-1.0.6-1.1.fc4.i386.rpm
90cba454ded9c8d4e049262abdea64d2 i386/debug/thunderbird-debuginfo-1.0.6-1.1.fc4.i386.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
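To find machines that still need this update, compare each installed build against the advisory's 1.0.6-1.1.fc4 using RPM's segment-wise ordering rather than a plain string match on "1.0.6", which would also accept the 1.0.6-0.1.fc4 release candidate listed in the changelog above. The following is an added example, not part of the Fedora notification: it implements the classic RPM comparison (no epoch, tilde or caret handling), and the host names and the two builds marked as constructed are assumptions.

```python
import re

# Fixed build named in the advisory (FEDORA-2005-606).
FIXED_NVR = "thunderbird-1.0.6-1.1.fc4"
_SEGMENT = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Classic RPM segment comparison: returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 10 > 6
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_nvr(nvr):
    """Split a 'name-version-release' string into its three fields."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def needs_update(nvr, fixed=FIXED_NVR):
    """True if nvr is the same package and older than the fixed build."""
    name, ver, rel = split_nvr(nvr)
    f_name, f_ver, f_rel = split_nvr(fixed)
    if name != f_name:
        return False
    # Version decides first; release only breaks a version tie.
    return (rpmvercmp(ver, f_ver) or rpmvercmp(rel, f_rel)) < 0

def audit(inventory):
    """Return the sorted hosts whose installed build predates the fix."""
    return sorted(h for h, nvr in inventory.items() if needs_update(nvr))

# Constructed inventory: hypothetical hosts, values as produced by
# rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' thunderbird
INVENTORY = {
    "ws-01": "thunderbird-1.0.2-5",        # constructed older build
    "ws-02": "thunderbird-1.0.6-0.1.fc4",  # release candidate from the changelog
    "ws-03": "thunderbird-1.0.6-1.1.fc4",  # the advisory's build
    "ws-04": "thunderbird-1.0.10-1.fc4",   # constructed: 1.0.10 sorts after 1.0.6
}

if __name__ == "__main__":
    print(audit(INVENTORY))
```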