rhsa-2008_0105
Vulnerability from csaf_redhat
Published
2008-02-08 02:13
Modified
2024-11-05 16:52
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
Updated thunderbird packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
[Updated 27th February 2008]
The erratum text has been updated to include the details of additional
issues that were fixed by these erratum packages, but which were not public
at the time of release. No changes have been made to the packages.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
A heap-based buffer overflow flaw was found in the way Thunderbird
processed messages with external-body Multipurpose Internet Message
Extensions (MIME) types. A HTML mail message containing malicious content
could cause Thunderbird to execute arbitrary code as the user running
Thunderbird. (CVE-2008-0304)
Several flaws were found in the way Thunderbird processed certain malformed
HTML mail content. A HTML mail message containing malicious content could
cause Thunderbird to crash, or potentially execute arbitrary code as the
user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,
CVE-2008-0419)
Several flaws were found in the way Thunderbird displayed malformed HTML
mail content. A HTML mail message containing specially-crafted content
could trick a user into surrendering sensitive information. (CVE-2008-0420,
CVE-2008-0591, CVE-2008-0593)
A flaw was found in the way Thunderbird handles certain chrome URLs. If a
user has certain extensions installed, it could allow a malicious HTML mail
message to steal sensitive session data. Note: this flaw does not affect a
default installation of Thunderbird. (CVE-2008-0418)
Note: JavaScript support is disabled by default in Thunderbird; the above
issues are not exploitable unless JavaScript is enabled.
A flaw was found in the way Thunderbird saves certain text files. If a
remote site offers a file of type "plain/text", rather than "text/plain",
Thunderbird will not show future "text/plain" content to the user, forcing
them to save those files locally to view the content. (CVE-2008-0592)
Users of thunderbird are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated thunderbird packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.\n\n[Updated 27th February 2008]\nThe erratum text has been updated to include the details of additional\nissues that were fixed by these erratum packages, but which were not public\nat the time of release. No changes have been made to the packages.", "title": "Topic" }, { "category": "general", "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA heap-based buffer overflow flaw was found in the way Thunderbird\nprocessed messages with external-body Multipurpose Internet Message\nExtensions (MIME) types. A HTML mail message containing malicious content\ncould cause Thunderbird to execute arbitrary code as the user running\nThunderbird. (CVE-2008-0304)\n\nSeveral flaws were found in the way Thunderbird processed certain malformed\nHTML mail content. A HTML mail message containing malicious content could\ncause Thunderbird to crash, or potentially execute arbitrary code as the\nuser running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way Thunderbird displayed malformed HTML\nmail content. A HTML mail message containing specially-crafted content\ncould trick a user into surrendering sensitive information. (CVE-2008-0420,\nCVE-2008-0591, CVE-2008-0593)\n\nA flaw was found in the way Thunderbird handles certain chrome URLs. If a\nuser has certain extensions installed, it could allow a malicious HTML mail\nmessage to steal sensitive session data. Note: this flaw does not affect a\ndefault installation of Thunderbird. (CVE-2008-0418)\n\nNote: JavaScript support is disabled by default in Thunderbird; the above\nissues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the way Thunderbird saves certain text files. If a\nremote site offers a file of type \"plain/text\", rather than \"text/plain\",\nThunderbird will not show future \"text/plain\" content to the user, forcing\nthem to save those files locally to view the content. (CVE-2008-0592)\n\nUsers of thunderbird are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0105", "url": "https://access.redhat.com/errata/RHSA-2008:0105" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "431732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431732" }, { "category": "external", "summary": "431733", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431733" }, { "category": "external", "summary": "431739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431739" }, { "category": "external", "summary": "431748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431748" }, { "category": "external", "summary": "431749", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431749" }, { "category": "external", "summary": "431751", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431751" }, { "category": "external", "summary": "431752", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431752" }, { "category": "external", "summary": "431756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431756" }, { "category": "external", "summary": "435123", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=435123" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0105.json" } ], "title": "Red Hat Security Advisory: thunderbird security update", "tracking": { "current_release_date": "2024-11-05T16:52:12+00:00", "generator": { "date": "2024-11-05T16:52:12+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2008:0105", "initial_release_date": "2008-02-08T02:13:00+00:00", "revision_history": [ { "date": "2008-02-08T02:13:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-02-27T16:44:52+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:52:12+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 4", "product": { "name": "Red Hat Enterprise Linux AS version 4", "product_id": "4AS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::as" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop version 4", "product": { "name": "Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::desktop" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 4", "product": { "name": "Red Hat Enterprise Linux ES version 4", "product_id": "4ES", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::es" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 4", "product": { "name": "Red Hat Enterprise Linux WS version 4", "product_id": "4WS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::ws" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_productivity:5" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:1.5.0.12-8.el4.ia64", "product": { "name": "thunderbird-0:1.5.0.12-8.el4.ia64", "product_id": "thunderbird-0:1.5.0.12-8.el4.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@1.5.0.12-8.el4?arch=ia64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "product": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "product_id": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@1.5.0.12-8.el4?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:1.5.0.12-8.el4.src", "product": { "name": "thunderbird-0:1.5.0.12-8.el4.src", "product_id": "thunderbird-0:1.5.0.12-8.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@1.5.0.12-8.el4?arch=src" } } }, { "category": "product_version", "name": "thunderbird-0:1.5.0.12-8.el5.src", "product": { "name": "thunderbird-0:1.5.0.12-8.el5.src", "product_id": "thunderbird-0:1.5.0.12-8.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@1.5.0.12-8.el5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:1.5.0.12-8.el4.x86_64", "product": { "name": "thunderbird-0:1.5.0.12-8.el4.x86_64", "product_id": "thunderbird-0:1.5.0.12-8.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@1.5.0.12-8.el4?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "product": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "product_id": "thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@1.5.0.12-8.el4?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-0:1.5.0.12-8.el5.x86_64", "product": { "name": "thunderbird-0:1.5.0.12-8.el5.x86_64", "product_id": "thunderbird-0:1.5.0.12-8.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@1.5.0.12-8.el5?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "product": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "product_id": "thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@1.5.0.12-8.el5?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:1.5.0.12-8.el4.i386", "product": { "name": "thunderbird-0:1.5.0.12-8.el4.i386", "product_id": "thunderbird-0:1.5.0.12-8.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@1.5.0.12-8.el4?arch=i386" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "product": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "product_id": "thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@1.5.0.12-8.el4?arch=i386" } } }, { "category": "product_version", "name": "thunderbird-0:1.5.0.12-8.el5.i386", "product": { "name": "thunderbird-0:1.5.0.12-8.el5.i386", "product_id": "thunderbird-0:1.5.0.12-8.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@1.5.0.12-8.el5?arch=i386" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "product": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "product_id": "thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@1.5.0.12-8.el5?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:1.5.0.12-8.el4.ppc", "product": { "name": "thunderbird-0:1.5.0.12-8.el4.ppc", "product_id": "thunderbird-0:1.5.0.12-8.el4.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@1.5.0.12-8.el4?arch=ppc" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "product": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "product_id": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@1.5.0.12-8.el4?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:1.5.0.12-8.el4.s390x", "product": { "name": "thunderbird-0:1.5.0.12-8.el4.s390x", "product_id": "thunderbird-0:1.5.0.12-8.el4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@1.5.0.12-8.el4?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "product": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "product_id": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@1.5.0.12-8.el4?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:1.5.0.12-8.el4.s390", "product": { "name": "thunderbird-0:1.5.0.12-8.el4.s390", "product_id": "thunderbird-0:1.5.0.12-8.el4.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@1.5.0.12-8.el4?arch=s390" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "product": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "product_id": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@1.5.0.12-8.el4?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:thunderbird-0:1.5.0.12-8.el4.i386" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:thunderbird-0:1.5.0.12-8.el4.ia64" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.ia64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:thunderbird-0:1.5.0.12-8.el4.ppc" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:thunderbird-0:1.5.0.12-8.el4.s390" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:thunderbird-0:1.5.0.12-8.el4.s390x" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.src as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:thunderbird-0:1.5.0.12-8.el4.src" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.src", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.i386", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.src as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:thunderbird-0:1.5.0.12-8.el4.src" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.src", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.i386 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:thunderbird-0:1.5.0.12-8.el4.i386" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.i386", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:thunderbird-0:1.5.0.12-8.el4.ia64" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:thunderbird-0:1.5.0.12-8.el4.ppc" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:thunderbird-0:1.5.0.12-8.el4.s390" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:thunderbird-0:1.5.0.12-8.el4.s390x" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.src as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:thunderbird-0:1.5.0.12-8.el4.src" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.src", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.i386 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:thunderbird-0:1.5.0.12-8.el4.i386" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:thunderbird-0:1.5.0.12-8.el4.ia64" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:thunderbird-0:1.5.0.12-8.el4.ppc" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:thunderbird-0:1.5.0.12-8.el4.s390" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:thunderbird-0:1.5.0.12-8.el4.s390x" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.src as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:thunderbird-0:1.5.0.12-8.el4.src" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.src", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64" }, "product_reference": "thunderbird-0:1.5.0.12-8.el4.x86_64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:thunderbird-0:1.5.0.12-8.el5.i386" }, "product_reference": "thunderbird-0:1.5.0.12-8.el5.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:thunderbird-0:1.5.0.12-8.el5.src" }, "product_reference": "thunderbird-0:1.5.0.12-8.el5.src", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64" }, "product_reference": "thunderbird-0:1.5.0.12-8.el5.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el5.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386" }, "product_reference": "thunderbird-0:1.5.0.12-8.el5.i386", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el5.src as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src" }, "product_reference": "thunderbird-0:1.5.0.12-8.el5.src", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:1.5.0.12-8.el5.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64" }, "product_reference": "thunderbird-0:1.5.0.12-8.el5.x86_64", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el5.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" }, "product_reference": "thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "relates_to_product_reference": "5Server-DPAS" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-0304", "discovery_date": "2008-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "435123" } ], "notes": [ { "category": "description", "text": "Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview.", "title": "Vulnerability description" }, { "category": "summary", "text": "thunderbird/seamonkey: MIME External-Body Heap Overflow Vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0304" }, { "category": "external", "summary": "RHBZ#435123", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=435123" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0304", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0304" } ], "release_date": "2008-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-08T02:13:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0105" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "thunderbird/seamonkey: MIME External-Body Heap Overflow Vulnerability" }, { "cve": "CVE-2008-0412", "discovery_date": "2008-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "431732" } ], "notes": [ { "category": "description", "text": "The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla layout engine crashes", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0412" }, { "category": "external", "summary": "RHBZ#431732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431732" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0412", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0412" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0412", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0412" } ], "release_date": "2008-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-08T02:13:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0105" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla layout engine crashes" }, { "cve": "CVE-2008-0413", "discovery_date": "2008-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "431733" } ], "notes": [ { "category": "description", "text": "The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla javascript engine crashes", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0413" }, { "category": "external", "summary": "RHBZ#431733", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431733" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0413", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0413" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0413", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0413" } ], "release_date": "2008-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-08T02:13:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0105" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla javascript engine crashes" }, { "cve": "CVE-2008-0415", "discovery_date": "2008-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "431739" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka \"JavaScript privilege escalation bugs.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla arbitrary code execution", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0415" }, { "category": "external", "summary": "RHBZ#431739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431739" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0415", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0415" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0415", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0415" } ], "release_date": "2008-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-08T02:13:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0105" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla arbitrary code execution" }, { "cve": "CVE-2008-0418", "discovery_date": "2008-01-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "431748" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using \"flat\" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.", "title": "Vulnerability description" }, { "category": "summary", "text": "chrome: directory traversal", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0418" }, { "category": "external", "summary": "RHBZ#431748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0418", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0418" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0418", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0418" } ], "release_date": "2008-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-08T02:13:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0105" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chrome: directory traversal" }, { "cve": "CVE-2008-0419", "discovery_date": "2008-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "431749" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla arbitrary code execution", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0419" }, { "category": "external", "summary": "RHBZ#431749", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431749" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0419", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0419" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0419", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0419" } ], "release_date": "2008-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-08T02:13:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0105" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla arbitrary code execution" }, { "cve": "CVE-2008-0420", "discovery_date": "2008-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "431750" } ], "notes": [ { "category": "description", "text": "modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla information disclosure flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0420" }, { "category": "external", "summary": "RHBZ#431750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431750" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0420", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0420" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0420", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0420" } ], "release_date": "2008-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-08T02:13:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0105" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla information disclosure flaw" }, { "cve": "CVE-2008-0591", "discovery_date": "2008-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "431751" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the \"dialog refocus bug\" or \"ffclick2\".", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla information disclosure flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0591" }, { "category": "external", "summary": "RHBZ#431751", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431751" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0591", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0591" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0591", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0591" } ], "release_date": "2008-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-08T02:13:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0105" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla information disclosure flaw" }, { "cve": "CVE-2008-0592", "discovery_date": "2008-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "431752" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a \"Content-Disposition: attachment\" and an invalid \"Content-Type: plain/text,\" which prevents Firefox from rendering future plain text files within the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla text file mishandling", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0592" }, { "category": "external", "summary": "RHBZ#431752", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431752" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0592", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0592" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0592", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0592" } ], "release_date": "2008-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-08T02:13:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0105" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Mozilla text file mishandling" }, { "cve": "CVE-2008-0593", "discovery_date": "2008-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "431756" } ], "notes": [ { "category": "description", "text": "Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla URL token stealing flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0593" }, { "category": "external", "summary": "RHBZ#431756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431756" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0593", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0593" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0593", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0593" } ], "release_date": "2008-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-08T02:13:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS:thunderbird-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-0:1.5.0.12-8.el4.src", "4AS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4AS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-0:1.5.0.12-8.el4.src", "4Desktop:thunderbird-0:1.5.0.12-8.el4.x86_64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4Desktop:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-0:1.5.0.12-8.el4.src", "4ES:thunderbird-0:1.5.0.12-8.el4.x86_64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4ES:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-0:1.5.0.12-8.el4.src", "4WS:thunderbird-0:1.5.0.12-8.el4.x86_64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.i386", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ia64", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.ppc", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.s390x", "4WS:thunderbird-debuginfo-0:1.5.0.12-8.el4.x86_64", "5Client:thunderbird-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-0:1.5.0.12-8.el5.src", "5Client:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Client:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.src", "5Server-DPAS:thunderbird-0:1.5.0.12-8.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:1.5.0.12-8.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0105" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Mozilla URL token stealing flaw" } ] }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.