RHSA-2007:0108
Vulnerability from csaf_redhat - Published: 2007-03-14 00:24 - Updated: 2025-11-21 17:31

The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 | — | | Vendor Fix |
| Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated thunderbird packages that fix several security bugs are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the way Thunderbird processed certain malformed\nJavaScript code. A malicious HTML mail message could execute JavaScript\ncode in such a way that may result in Thunderbird crashing or executing\narbitrary code as the user running Thunderbird. JavaScript support is\ndisabled by default in Thunderbird; these issues are not exploitable unless\nthe user has enabled JavaScript. (CVE-2007-0775, CVE-2007-0777)\n\nSeveral cross-site scripting (XSS) flaws were found in the way Thunderbird\nprocessed certain malformed HTML mail messages. A malicious HTML mail\nmessage could display misleading information which may result in a user\nunknowingly divulging sensitive information such as a password.\n(CVE-2006-6077, CVE-2007-0995, CVE-2007-0996)\n\nA flaw was found in the way Thunderbird processed text/enhanced and\ntext/richtext formatted mail message. A specially crafted mail message\ncould execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2007-1282)\n\nA flaw was found in the way Thunderbird cached web content on the local\ndisk. A malicious HTML mail message may be able to inject arbitrary HTML\ninto a browsing session if the user reloads a targeted site. (CVE-2007-0778)\n\nA flaw was found in the way Thunderbird displayed certain web content. A\nmalicious HTML mail message could generate content which could overlay user\ninterface elements such as the hostname and security indicators, tricking a\nuser into thinking they are visiting a different site. (CVE-2007-0779)\n\nTwo flaws were found in the way Thunderbird displayed blocked popup\nwindows. If a user can be convinced to open a blocked popup, it is possible\nto read arbitrary local files, or conduct an XSS attack against the user.\n(CVE-2007-0780, CVE-2007-0800)\n\nTwo buffer overflow flaws were found in the Network Security Services (NSS)\ncode for processing the SSLv2 protocol. Connecting to a malicious secure\nweb server could cause the execution of arbitrary code as the user running\nThunderbird. (CVE-2007-0008, CVE-2007-0009)\n\nA flaw was found in the way Thunderbird handled the \"location.hostname\"\nvalue during certain browser domain checks. This flaw could allow a\nmalicious HTML mail message to set domain cookies for an arbitrary site, or\npossibly perform an XSS attack. (CVE-2007-0981)\n\nUsers of Thunderbird are advised to apply this update, which contains\nThunderbird version 1.5.0.10 that corrects these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2007:0108",
"url": "https://access.redhat.com/errata/RHSA-2007:0108"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "230562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=230562"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0108.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2025-11-21T17:31:20+00:00",
"generator": {
"date": "2025-11-21T17:31:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2007:0108",
"initial_release_date": "2007-03-14T00:24:00+00:00",
"revision_history": [
{
"date": "2007-03-14T00:24:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2007-03-14T11:12:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:31:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:1.5.0.10-1.el5.src",
"product": {
"name": "thunderbird-0:1.5.0.10-1.el5.src",
"product_id": "thunderbird-0:1.5.0.10-1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@1.5.0.10-1.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:1.5.0.10-1.el5.x86_64",
"product": {
"name": "thunderbird-0:1.5.0.10-1.el5.x86_64",
"product_id": "thunderbird-0:1.5.0.10-1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@1.5.0.10-1.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64",
"product_id": "thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@1.5.0.10-1.el5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:1.5.0.10-1.el5.i386",
"product": {
"name": "thunderbird-0:1.5.0.10-1.el5.i386",
"product_id": "thunderbird-0:1.5.0.10-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@1.5.0.10-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"product": {
"name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"product_id": "thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@1.5.0.10-1.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:1.5.0.10-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:thunderbird-0:1.5.0.10-1.el5.i386"
},
"product_reference": "thunderbird-0:1.5.0.10-1.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:1.5.0.10-1.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:thunderbird-0:1.5.0.10-1.el5.src"
},
"product_reference": "thunderbird-0:1.5.0.10-1.el5.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:1.5.0.10-1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64"
},
"product_reference": "thunderbird-0:1.5.0.10-1.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386"
},
"product_reference": "thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64",
"relates_to_product_reference": "5Client"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-6077",
"discovery_date": "2007-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618236"
}
],
"notes": [
{
"category": "description",
"text": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-6077"
},
{
"category": "external",
"summary": "RHBZ#1618236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618236"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-6077",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-6077"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-6077",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-6077"
}
],
"release_date": "2007-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-03-14T00:24:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0108"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2007-0008",
"discovery_date": "2006-12-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "565576"
}
],
"notes": [
{
"category": "description",
"text": "Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the \"Master Secret\", which results in a heap-based overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "NSS: SSLv2 protocol buffer overflows",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0008"
},
{
"category": "external",
"summary": "RHBZ#565576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=565576"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0008",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0008"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0008",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0008"
}
],
"release_date": "2007-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-03-14T00:24:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0108"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "NSS: SSLv2 protocol buffer overflows"
},
{
"cve": "CVE-2007-0009",
"discovery_date": "2006-12-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "565576"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid \"Client Master Key\" length values.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "NSS: SSLv2 protocol buffer overflows",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0009"
},
{
"category": "external",
"summary": "RHBZ#565576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=565576"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0009",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0009"
}
],
"release_date": "2007-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-03-14T00:24:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0108"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "NSS: SSLv2 protocol buffer overflows"
},
{
"cve": "CVE-2007-0775",
"discovery_date": "2007-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618273"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0775"
},
{
"category": "external",
"summary": "RHBZ#1618273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0775"
}
],
"release_date": "2007-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-03-14T00:24:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0108"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2007-0777",
"discovery_date": "2007-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618275"
}
],
"notes": [
{
"category": "description",
"text": "The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0777"
},
{
"category": "external",
"summary": "RHBZ#1618275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618275"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0777"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0777",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0777"
}
],
"release_date": "2007-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-03-14T00:24:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0108"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2007-0778",
"discovery_date": "2007-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618276"
}
],
"notes": [
{
"category": "description",
"text": "The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0778"
},
{
"category": "external",
"summary": "RHBZ#1618276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618276"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0778"
}
],
"release_date": "2007-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-03-14T00:24:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0108"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2007-0779",
"discovery_date": "2007-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618277"
}
],
"notes": [
{
"category": "description",
"text": "GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0779"
},
{
"category": "external",
"summary": "RHBZ#1618277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0779",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0779"
}
],
"release_date": "2007-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-03-14T00:24:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0108"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2007-0780",
"discovery_date": "2007-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618278"
}
],
"notes": [
{
"category": "description",
"text": "browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0780"
},
{
"category": "external",
"summary": "RHBZ#1618278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0780",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0780"
}
],
"release_date": "2007-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-03-14T00:24:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0108"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2007-0800",
"discovery_date": "2007-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618279"
}
],
"notes": [
{
"category": "description",
"text": "Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0800"
},
{
"category": "external",
"summary": "RHBZ#1618279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618279"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0800"
}
],
"release_date": "2007-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-03-14T00:24:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0108"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2007-0981",
"discovery_date": "2007-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "229253"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": ": seamonkey cookie setting / same-domain bypass vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0981"
},
{
"category": "external",
"summary": "RHBZ#229253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=229253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0981",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0981"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0981",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0981"
}
],
"release_date": "2007-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-03-14T00:24:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0108"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": ": seamonkey cookie setting / same-domain bypass vulnerability"
},
{
"cve": "CVE-2007-0995",
"discovery_date": "2007-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618287"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0995"
},
{
"category": "external",
"summary": "RHBZ#1618287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618287"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0995",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0995"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0995",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0995"
}
],
"release_date": "2007-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-03-14T00:24:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0108"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2007-0996",
"discovery_date": "2007-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618288"
}
],
"notes": [
{
"category": "description",
"text": "The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0996"
},
{
"category": "external",
"summary": "RHBZ#1618288",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618288"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0996",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0996"
}
],
"release_date": "2007-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-03-14T00:24:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0108"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2007-1282",
"discovery_date": "2007-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618295"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1282"
},
{
"category": "external",
"summary": "RHBZ#1618295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618295"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1282",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1282"
}
],
"release_date": "2007-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-03-14T00:24:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client:thunderbird-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-0:1.5.0.10-1.el5.src",
"5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
"5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0108"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "security flaw"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.