RHSA-2009:1126

Vulnerability from csaf_redhat - Published: 2009-06-25 15:07 - Updated: 2025-11-21 17:34
Summary
Red Hat Security Advisory: thunderbird security update
Severity
Moderate
Notes
Topic: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Details: Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833, CVE-2009-1838)

Several flaws were found in the way malformed HTML mail content was processed. An HTML mail message containing malicious content could execute arbitrary JavaScript in the context of the mail message, possibly presenting misleading data to the user, or stealing sensitive information such as login credentials. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309)

A flaw was found in the way Thunderbird handled error responses returned from proxy servers. If an attacker is able to conduct a man-in-the-middle attack against a Thunderbird instance that is using a proxy server, they may be able to steal sensitive information from the site Thunderbird is displaying. (CVE-2009-1836)

Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.

Vendor Fix: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259. Advisory URL: https://access.redhat.com/errata/RHSA-2009:1126

The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.


The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.


The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.


Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.


The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.


The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.


Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.


The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.


Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.

References
https://access.redhat.com/errata/RHSA-2009:1126 self
https://access.redhat.com/security/updates/classi… external
https://bugzilla.redhat.com/show_bug.cgi?id=456202 external
https://bugzilla.redhat.com/show_bug.cgi?id=496253 external
https://bugzilla.redhat.com/show_bug.cgi?id=496256 external
https://bugzilla.redhat.com/show_bug.cgi?id=496262 external
https://bugzilla.redhat.com/show_bug.cgi?id=496263 external
https://bugzilla.redhat.com/show_bug.cgi?id=496266 external
https://bugzilla.redhat.com/show_bug.cgi?id=496267 external
https://bugzilla.redhat.com/show_bug.cgi?id=503568 external
https://bugzilla.redhat.com/show_bug.cgi?id=503570 external
https://bugzilla.redhat.com/show_bug.cgi?id=503578 external
https://bugzilla.redhat.com/show_bug.cgi?id=503580 external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2009-1303 self
https://bugzilla.redhat.com/show_bug.cgi?id=496253 external
https://www.cve.org/CVERecord?id=CVE-2009-1303 external
https://nvd.nist.gov/vuln/detail/CVE-2009-1303 external
https://access.redhat.com/security/cve/CVE-2009-1305 self
https://bugzilla.redhat.com/show_bug.cgi?id=496256 external
https://www.cve.org/CVERecord?id=CVE-2009-1305 external
https://nvd.nist.gov/vuln/detail/CVE-2009-1305 external
https://access.redhat.com/security/cve/CVE-2009-1306 self
https://bugzilla.redhat.com/show_bug.cgi?id=496262 external
https://www.cve.org/CVERecord?id=CVE-2009-1306 external
https://nvd.nist.gov/vuln/detail/CVE-2009-1306 external
https://access.redhat.com/security/cve/CVE-2009-1307 self
https://bugzilla.redhat.com/show_bug.cgi?id=496263 external
https://www.cve.org/CVERecord?id=CVE-2009-1307 external
https://nvd.nist.gov/vuln/detail/CVE-2009-1307 external
https://access.redhat.com/security/cve/CVE-2009-1308 self
https://bugzilla.redhat.com/show_bug.cgi?id=496266 external
https://www.cve.org/CVERecord?id=CVE-2009-1308 external
https://nvd.nist.gov/vuln/detail/CVE-2009-1308 external
https://access.redhat.com/security/cve/CVE-2009-1309 self
https://bugzilla.redhat.com/show_bug.cgi?id=496267 external
https://www.cve.org/CVERecord?id=CVE-2009-1309 external
https://nvd.nist.gov/vuln/detail/CVE-2009-1309 external
https://access.redhat.com/security/cve/CVE-2009-1392 self
https://bugzilla.redhat.com/show_bug.cgi?id=503568 external
https://www.cve.org/CVERecord?id=CVE-2009-1392 external
https://nvd.nist.gov/vuln/detail/CVE-2009-1392 external
https://access.redhat.com/security/cve/CVE-2009-1833 self
https://bugzilla.redhat.com/show_bug.cgi?id=503570 external
https://www.cve.org/CVERecord?id=CVE-2009-1833 external
https://nvd.nist.gov/vuln/detail/CVE-2009-1833 external
https://access.redhat.com/security/cve/CVE-2009-1836 self
https://bugzilla.redhat.com/show_bug.cgi?id=503578 external
https://www.cve.org/CVERecord?id=CVE-2009-1836 external
https://nvd.nist.gov/vuln/detail/CVE-2009-1836 external
https://access.redhat.com/security/cve/CVE-2009-1838 self
https://bugzilla.redhat.com/show_bug.cgi?id=503580 external
https://www.cve.org/CVERecord?id=CVE-2009-1838 external
https://nvd.nist.gov/vuln/detail/CVE-2009-1838 external
https://access.redhat.com/security/cve/CVE-2009-2210 self
https://bugzilla.redhat.com/show_bug.cgi?id=507812 external
https://www.cve.org/CVERecord?id=CVE-2009-2210 external
https://nvd.nist.gov/vuln/detail/CVE-2009-2210 external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated thunderbird package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code as the user running\nThunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833,\nCVE-2009-1838)\n\nSeveral flaws were found in the way malformed HTML mail content was\nprocessed. An HTML mail message containing malicious content could execute\narbitrary JavaScript in the context of the mail message, possibly\npresenting misleading data to the user, or stealing sensitive information\nsuch as login credentials. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1308,\nCVE-2009-1309)\n\nA flaw was found in the way Thunderbird handled error responses returned\nfrom proxy servers. If an attacker is able to conduct a man-in-the-middle\nattack against a Thunderbird instance that is using a proxy server, they\nmay be able to steal sensitive information from the site Thunderbird is\ndisplaying. (CVE-2009-1836)\n\nNote: JavaScript support is disabled by default in Thunderbird. None of the\nabove issues are exploitable unless JavaScript is enabled.\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1126",
        "url": "https://access.redhat.com/errata/RHSA-2009:1126"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "456202",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456202"
      },
      {
        "category": "external",
        "summary": "496253",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496253"
      },
      {
        "category": "external",
        "summary": "496256",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496256"
      },
      {
        "category": "external",
        "summary": "496262",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496262"
      },
      {
        "category": "external",
        "summary": "496263",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496263"
      },
      {
        "category": "external",
        "summary": "496266",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496266"
      },
      {
        "category": "external",
        "summary": "496267",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496267"
      },
      {
        "category": "external",
        "summary": "503568",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503568"
      },
      {
        "category": "external",
        "summary": "503570",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503570"
      },
      {
        "category": "external",
        "summary": "503578",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503578"
      },
      {
        "category": "external",
        "summary": "503580",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503580"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1126.json"
      }
    ],
    "title": "Red Hat Security Advisory: thunderbird security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:34:47+00:00",
      "generator": {
        "date": "2025-11-21T17:34:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1126",
      "initial_release_date": "2009-06-25T15:07:00+00:00",
      "revision_history": [
        {
          "date": "2009-06-25T15:07:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-06-25T11:07:24+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:34:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
                  "product_id": "5Server-DPAS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_productivity:5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:2.0.0.22-2.el5_3.src",
                "product": {
                  "name": "thunderbird-0:2.0.0.22-2.el5_3.src",
                  "product_id": "thunderbird-0:2.0.0.22-2.el5_3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@2.0.0.22-2.el5_3?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:2.0.0.22-2.el5_3.x86_64",
                "product": {
                  "name": "thunderbird-0:2.0.0.22-2.el5_3.x86_64",
                  "product_id": "thunderbird-0:2.0.0.22-2.el5_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@2.0.0.22-2.el5_3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
                "product": {
                  "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
                  "product_id": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@2.0.0.22-2.el5_3?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:2.0.0.22-2.el5_3.i386",
                "product": {
                  "name": "thunderbird-0:2.0.0.22-2.el5_3.i386",
                  "product_id": "thunderbird-0:2.0.0.22-2.el5_3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@2.0.0.22-2.el5_3?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
                "product": {
                  "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
                  "product_id": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@2.0.0.22-2.el5_3?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:2.0.0.22-2.el5_3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386"
        },
        "product_reference": "thunderbird-0:2.0.0.22-2.el5_3.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:2.0.0.22-2.el5_3.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-0:2.0.0.22-2.el5_3.src"
        },
        "product_reference": "thunderbird-0:2.0.0.22-2.el5_3.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:2.0.0.22-2.el5_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64"
        },
        "product_reference": "thunderbird-0:2.0.0.22-2.el5_3.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386"
        },
        "product_reference": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        },
        "product_reference": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:2.0.0.22-2.el5_3.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
          "product_id": "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386"
        },
        "product_reference": "thunderbird-0:2.0.0.22-2.el5_3.i386",
        "relates_to_product_reference": "5Server-DPAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:2.0.0.22-2.el5_3.src as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
          "product_id": "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src"
        },
        "product_reference": "thunderbird-0:2.0.0.22-2.el5_3.src",
        "relates_to_product_reference": "5Server-DPAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:2.0.0.22-2.el5_3.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
          "product_id": "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64"
        },
        "product_reference": "thunderbird-0:2.0.0.22-2.el5_3.x86_64",
        "relates_to_product_reference": "5Server-DPAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
          "product_id": "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386"
        },
        "product_reference": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
        "relates_to_product_reference": "5Server-DPAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
          "product_id": "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        },
        "product_reference": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
        "relates_to_product_reference": "5Server-DPAS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-1303",
      "discovery_date": "2009-04-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "496253"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox 2 and 3 Layout engine crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1303"
        },
        {
          "category": "external",
          "summary": "RHBZ#496253",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496253"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1303",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1303"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1303",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1303"
        }
      ],
      "release_date": "2009-04-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Firefox 2 and 3 Layout engine crash"
    },
    {
      "cve": "CVE-2009-1305",
      "discovery_date": "2009-04-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "496256"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox 2 and 3 JavaScript engine crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1305"
        },
        {
          "category": "external",
          "summary": "RHBZ#496256",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496256"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1305",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1305"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1305",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1305"
        }
      ],
      "release_date": "2009-04-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Firefox 2 and 3 JavaScript engine crash"
    },
    {
      "cve": "CVE-2009-1306",
      "discovery_date": "2009-04-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "496262"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a \"Content-Disposition: attachment\" designation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jar: scheme ignores the content-disposition: header on the inner URI",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1306"
        },
        {
          "category": "external",
          "summary": "RHBZ#496262",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496262"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1306"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1306",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1306"
        }
      ],
      "release_date": "2009-04-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jar: scheme ignores the content-disposition: header on the inner URI"
    },
    {
      "cve": "CVE-2009-1307",
      "discovery_date": "2009-04-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "496263"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "view-source: protocol",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1307"
        },
        {
          "category": "external",
          "summary": "RHBZ#496263",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496263"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1307",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1307"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1307",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1307"
        }
      ],
      "release_date": "2009-04-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "view-source: protocol"
    },
    {
      "cve": "CVE-2009-1308",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2009-04-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "496266"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox XSS hazard using third-party stylesheets and XBL bindings",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1308"
        },
        {
          "category": "external",
          "summary": "RHBZ#496266",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496266"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1308",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1308"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1308",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1308"
        }
      ],
      "release_date": "2009-04-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Firefox XSS hazard using third-party stylesheets and XBL bindings"
    },
    {
      "cve": "CVE-2009-1309",
      "discovery_date": "2009-04-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "496267"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document\u0027s principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1309"
        },
        {
          "category": "external",
          "summary": "RHBZ#496267",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496267"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1309",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1309"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1309",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1309"
        }
      ],
      "release_date": "2009-04-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString"
    },
    {
      "cve": "CVE-2009-1392",
      "discovery_date": "2009-05-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503568"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox browser engine crashes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1392"
        },
        {
          "category": "external",
          "summary": "RHBZ#503568",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503568"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1392",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1392"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1392",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1392"
        }
      ],
      "release_date": "2009-06-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Firefox browser engine crashes"
    },
    {
      "cve": "CVE-2009-1833",
      "discovery_date": "2009-05-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503570"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox JavaScript engine crashes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1833"
        },
        {
          "category": "external",
          "summary": "RHBZ#503570",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503570"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1833",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1833"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1833",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1833"
        }
      ],
      "release_date": "2009-06-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Firefox JavaScript engine crashes"
    },
    {
      "cve": "CVE-2009-1836",
      "discovery_date": "2009-05-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503578"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an \"SSL tampering\" attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox SSL tampering via non-200 responses to proxy CONNECT requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1836"
        },
        {
          "category": "external",
          "summary": "RHBZ#503578",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503578"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1836",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1836"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1836",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1836"
        }
      ],
      "release_date": "2009-06-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Firefox SSL tampering via non-200 responses to proxy CONNECT requests"
    },
    {
      "cve": "CVE-2009-1838",
      "discovery_date": "2009-05-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503580"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element\u0027s owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox arbitrary code execution flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1838"
        },
        {
          "category": "external",
          "summary": "RHBZ#503580",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503580"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1838",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1838"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1838",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1838"
        }
      ],
      "release_date": "2009-06-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Firefox arbitrary code execution flaw"
    },
    {
      "cve": "CVE-2009-2210",
      "discovery_date": "2009-06-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "507812"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Thunderbird mail crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-2210"
        },
        {
          "category": "external",
          "summary": "RHBZ#507812",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=507812"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2210",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-2210"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2210",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2210"
        }
      ],
      "release_date": "2009-06-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Thunderbird mail crash"
    }
  ]
}

