rhsa-2007_0108
Vulnerability from csaf_redhat
Published
2007-03-14 00:24
Modified
2024-11-22 00:52
Summary
Red Hat Security Advisory: thunderbird security update

Notes

Topic
Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML mail message could execute JavaScript code in such a way that may result in Thunderbird crashing or executing arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-0775, CVE-2007-0777) Several cross-site scripting (XSS) flaws were found in the way Thunderbird processed certain malformed HTML mail messages. A malicious HTML mail message could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way Thunderbird processed text/enhanced and text/richtext formatted mail message. A specially crafted mail message could execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2007-1282) A flaw was found in the way Thunderbird cached web content on the local disk. A malicious HTML mail message may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way Thunderbird displayed certain web content. A malicious HTML mail message could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way Thunderbird displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running Thunderbird. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way Thunderbird handled the "location.hostname" value during certain browser domain checks. This flaw could allow a malicious HTML mail message to set domain cookies for an arbitrary site, or possibly perform an XSS attack. (CVE-2007-0981) Users of Thunderbird are advised to apply this update, which contains Thunderbird version 1.5.0.10 that corrects these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated thunderbird packages that fix several security bugs are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the way Thunderbird processed certain malformed\nJavaScript code. A malicious HTML mail message could execute JavaScript\ncode in such a way that may result in Thunderbird crashing or executing\narbitrary code as the user running Thunderbird. JavaScript support is\ndisabled by default in Thunderbird; these issues are not exploitable unless\nthe user has enabled JavaScript. (CVE-2007-0775, CVE-2007-0777)\n\nSeveral cross-site scripting (XSS) flaws were found in the way Thunderbird\nprocessed certain malformed HTML mail messages. A malicious HTML mail\nmessage could display misleading information which may result in a user\nunknowingly divulging sensitive information such as a password.\n(CVE-2006-6077, CVE-2007-0995, CVE-2007-0996)\n\nA flaw was found in the way Thunderbird processed text/enhanced and\ntext/richtext formatted mail message. A specially crafted mail message\ncould execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2007-1282)\n\nA flaw was found in the way Thunderbird cached web content on the local\ndisk. A malicious HTML mail message may be able to inject arbitrary HTML\ninto a browsing session if the user reloads a targeted site. (CVE-2007-0778)\n\nA flaw was found in the way Thunderbird displayed certain web content. A\nmalicious HTML mail message could generate content which could overlay user\ninterface elements such as the hostname and security indicators, tricking a\nuser into thinking they are visiting a different site. (CVE-2007-0779)\n\nTwo flaws were found in the way Thunderbird displayed blocked popup\nwindows. If a user can be convinced to open a blocked popup, it is possible\nto read arbitrary local files, or conduct an XSS attack against the user.\n(CVE-2007-0780, CVE-2007-0800)\n\nTwo buffer overflow flaws were found in the Network Security Services (NSS)\ncode for processing the SSLv2 protocol. Connecting to a malicious secure\nweb server could cause the execution of arbitrary code as the user running\nThunderbird. (CVE-2007-0008, CVE-2007-0009)\n\nA flaw was found in the way Thunderbird handled the \"location.hostname\"\nvalue during certain browser domain checks. This flaw could allow a\nmalicious HTML mail message to set domain cookies for an arbitrary site, or\npossibly perform an XSS attack. (CVE-2007-0981)\n\nUsers of Thunderbird are advised to apply this update, which contains\nThunderbird version 1.5.0.10 that corrects these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2007:0108",
        "url": "https://access.redhat.com/errata/RHSA-2007:0108"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "230562",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=230562"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0108.json"
      }
    ],
    "title": "Red Hat Security Advisory: thunderbird security update",
    "tracking": {
      "current_release_date": "2024-11-22T00:52:46+00:00",
      "generator": {
        "date": "2024-11-22T00:52:46+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2007:0108",
      "initial_release_date": "2007-03-14T00:24:00+00:00",
      "revision_history": [
        {
          "date": "2007-03-14T00:24:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-03-14T11:12:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T00:52:46+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:1.5.0.10-1.el5.src",
                "product": {
                  "name": "thunderbird-0:1.5.0.10-1.el5.src",
                  "product_id": "thunderbird-0:1.5.0.10-1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@1.5.0.10-1.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:1.5.0.10-1.el5.x86_64",
                "product": {
                  "name": "thunderbird-0:1.5.0.10-1.el5.x86_64",
                  "product_id": "thunderbird-0:1.5.0.10-1.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@1.5.0.10-1.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64",
                "product": {
                  "name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64",
                  "product_id": "thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@1.5.0.10-1.el5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:1.5.0.10-1.el5.i386",
                "product": {
                  "name": "thunderbird-0:1.5.0.10-1.el5.i386",
                  "product_id": "thunderbird-0:1.5.0.10-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@1.5.0.10-1.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
                "product": {
                  "name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
                  "product_id": "thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@1.5.0.10-1.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:1.5.0.10-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-0:1.5.0.10-1.el5.i386"
        },
        "product_reference": "thunderbird-0:1.5.0.10-1.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:1.5.0.10-1.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-0:1.5.0.10-1.el5.src"
        },
        "product_reference": "thunderbird-0:1.5.0.10-1.el5.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:1.5.0.10-1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64"
        },
        "product_reference": "thunderbird-0:1.5.0.10-1.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386"
        },
        "product_reference": "thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        },
        "product_reference": "thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64",
        "relates_to_product_reference": "5Client"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-6077",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618236"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-6077"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618236",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618236"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-6077",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-6077"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-6077",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-6077"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0008",
      "discovery_date": "2006-12-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "565576"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the \"Master Secret\", which results in a heap-based overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "NSS: SSLv2 protocol buffer overflows",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0008"
        },
        {
          "category": "external",
          "summary": "RHBZ#565576",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565576"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0008"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0008",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0008"
        }
      ],
      "release_date": "2007-02-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "NSS: SSLv2 protocol buffer overflows"
    },
    {
      "cve": "CVE-2007-0009",
      "discovery_date": "2006-12-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "565576"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid \"Client Master Key\" length values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "NSS: SSLv2 protocol buffer overflows",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0009"
        },
        {
          "category": "external",
          "summary": "RHBZ#565576",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565576"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0009"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0009",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0009"
        }
      ],
      "release_date": "2007-02-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "NSS: SSLv2 protocol buffer overflows"
    },
    {
      "cve": "CVE-2007-0775",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618273"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0775"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618273",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618273"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0775",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0775"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0775",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0775"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0777",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618275"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0777"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618275",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618275"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0777",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0777"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0777",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0777"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0778",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618276"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0778"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618276",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618276"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0778",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0778"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0778",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0778"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0779",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618277"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0779"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618277",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618277"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0779",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0779"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0779",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0779"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0780",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618278"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0780"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618278",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618278"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0780",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0780"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0780",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0780"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0800",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618279"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0800"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618279",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618279"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0800"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0981",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "229253"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": ": seamonkey cookie setting / same-domain bypass vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0981"
        },
        {
          "category": "external",
          "summary": "RHBZ#229253",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229253"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0981",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0981"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0981",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0981"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": ": seamonkey cookie setting / same-domain bypass vulnerability"
    },
    {
      "cve": "CVE-2007-0995",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618287"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0995"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618287",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618287"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0995",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0995"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0995",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0995"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0996",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618288"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0996"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618288",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618288"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0996"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0996",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0996"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-1282",
      "discovery_date": "2007-03-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618295"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1282"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618295",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618295"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1282"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1282",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1282"
        }
      ],
      "release_date": "2007-03-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.