rhsa-2010_0153
Vulnerability from csaf_redhat
Published
2010-03-17 12:38
Modified
2024-11-05 17:14
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466,
CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159)
A use-after-free flaw was found in Thunderbird. An attacker could use this
flaw to crash Thunderbird or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2009-3077)
A heap-based buffer overflow flaw was found in the Thunderbird string to
floating point conversion routines. An HTML mail message containing
malicious JavaScript could crash Thunderbird or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2009-0689)
A use-after-free flaw was found in Thunderbird. Under low memory
conditions, viewing an HTML mail message containing malicious content could
result in Thunderbird executing arbitrary code with the privileges of the
user running Thunderbird. (CVE-2009-1571)
A flaw was found in the way Thunderbird created temporary file names for
downloaded files. If a local attacker knows the name of a file Thunderbird
is going to download, they can replace the contents of that file with
arbitrary contents. (CVE-2009-3274)
A flaw was found in the way Thunderbird displayed a right-to-left override
character when downloading a file. In these cases, the name displayed in
the title bar differed from the name displayed in the dialog body. An
attacker could use this flaw to trick a user into downloading a file that
has a file name or extension that is different from what the user expected.
(CVE-2009-3376)
A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A
malicious SOCKS5 server could send a specially-crafted reply that would
cause Thunderbird to crash. (CVE-2009-2470)
Descriptions in the dialogs when adding and removing PKCS #11 modules were
not informative. An attacker able to trick a user into installing a
malicious PKCS #11 module could use this flaw to install their own
Certificate Authority certificates on a user's machine, making it possible
to trick the user into believing they are viewing trusted content or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2009-3076)
All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated thunderbird package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466,\nCVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159)\n\nA use-after-free flaw was found in Thunderbird. An attacker could use this\nflaw to crash Thunderbird or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2009-3077)\n\nA heap-based buffer overflow flaw was found in the Thunderbird string to\nfloating point conversion routines. An HTML mail message containing\nmalicious JavaScript could crash Thunderbird or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2009-0689)\n\nA use-after-free flaw was found in Thunderbird. Under low memory\nconditions, viewing an HTML mail message containing malicious content could\nresult in Thunderbird executing arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2009-1571)\n\nA flaw was found in the way Thunderbird created temporary file names for\ndownloaded files. If a local attacker knows the name of a file Thunderbird\nis going to download, they can replace the contents of that file with\narbitrary contents. (CVE-2009-3274)\n\nA flaw was found in the way Thunderbird displayed a right-to-left override\ncharacter when downloading a file. In these cases, the name displayed in\nthe title bar differed from the name displayed in the dialog body. An\nattacker could use this flaw to trick a user into downloading a file that\nhas a file name or extension that is different from what the user expected.\n(CVE-2009-3376)\n\nA flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A\nmalicious SOCKS5 server could send a specially-crafted reply that would\ncause Thunderbird to crash. (CVE-2009-2470)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user\u0027s machine, making it possible\nto trick the user into believing they are viewing trusted content or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2009-3076)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0153", "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#moderate", "url": "http://www.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "512128", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512128" }, { "category": "external", "summary": "512131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512131" }, { "category": "external", "summary": "512136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512136" }, { "category": "external", "summary": "512145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512145" }, { "category": "external", "summary": "521688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521688" }, { "category": "external", "summary": "521691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521691" }, { "category": "external", "summary": "521692", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521692" }, { "category": "external", "summary": "521693", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521693" }, { "category": "external", "summary": "524815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524815" }, { "category": "external", "summary": "530162", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530162" }, { "category": "external", "summary": "530168", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530168" }, { "category": "external", "summary": "530567", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530567" }, { "category": "external", "summary": "546694", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546694" }, { "category": "external", "summary": "566047", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566047" }, { "category": "external", "summary": "566050", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566050" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0153.json" } ], "title": "Red Hat Security Advisory: thunderbird security update", "tracking": { "current_release_date": "2024-11-05T17:14:13+00:00", "generator": { "date": "2024-11-05T17:14:13+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2010:0153", "initial_release_date": "2010-03-17T12:38:00+00:00", "revision_history": [ { "date": "2010-03-17T12:38:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-03-17T08:38:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T17:14:13+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_productivity:5" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:2.0.0.24-2.el5_4.src", "product": { "name": "thunderbird-0:2.0.0.24-2.el5_4.src", "product_id": "thunderbird-0:2.0.0.24-2.el5_4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@2.0.0.24-2.el5_4?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:2.0.0.24-2.el5_4.x86_64", "product": { "name": "thunderbird-0:2.0.0.24-2.el5_4.x86_64", "product_id": "thunderbird-0:2.0.0.24-2.el5_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@2.0.0.24-2.el5_4?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "product": { "name": "thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "product_id": "thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@2.0.0.24-2.el5_4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:2.0.0.24-2.el5_4.i386", "product": { "name": "thunderbird-0:2.0.0.24-2.el5_4.i386", "product_id": "thunderbird-0:2.0.0.24-2.el5_4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@2.0.0.24-2.el5_4?arch=i386" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "product": { "name": "thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "product_id": "thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@2.0.0.24-2.el5_4?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:2.0.0.24-2.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386" }, "product_reference": "thunderbird-0:2.0.0.24-2.el5_4.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:2.0.0.24-2.el5_4.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:thunderbird-0:2.0.0.24-2.el5_4.src" }, "product_reference": "thunderbird-0:2.0.0.24-2.el5_4.src", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:2.0.0.24-2.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64" }, "product_reference": "thunderbird-0:2.0.0.24-2.el5_4.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386" }, "product_reference": "thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" }, "product_reference": "thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:2.0.0.24-2.el5_4.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386" }, "product_reference": "thunderbird-0:2.0.0.24-2.el5_4.i386", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:2.0.0.24-2.el5_4.src as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src" }, "product_reference": "thunderbird-0:2.0.0.24-2.el5_4.src", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:2.0.0.24-2.el5_4.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64" }, "product_reference": "thunderbird-0:2.0.0.24-2.el5_4.x86_64", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386" }, "product_reference": "thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" }, "product_reference": "thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "relates_to_product_reference": "5Server-DPAS" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-0689", "discovery_date": "2009-11-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "539784" } ], "notes": [ { "category": "description", "text": "Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.", "title": "Vulnerability description" }, { "category": "summary", "text": "array index error in dtoa implementation of many products", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0689" }, { "category": "external", "summary": "RHBZ#539784", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=539784" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0689", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0689" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0689", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0689" } ], "release_date": "2009-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "array index error in dtoa implementation of many products" }, { "cve": "CVE-2009-1571", "discovery_date": "2010-02-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "566050" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla incorrectly frees used memory (MFSA 2010-03)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-1571" }, { "category": "external", "summary": "RHBZ#566050", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566050" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1571", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1571" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1571", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1571" } ], "release_date": "2010-02-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla incorrectly frees used memory (MFSA 2010-03)" }, { "cve": "CVE-2009-2462", "discovery_date": "2009-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "512128" } ], "notes": [ { "category": "description", "text": "The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla Browser engine crashes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2462" }, { "category": "external", "summary": "RHBZ#512128", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512128" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2462", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2462" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2462", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2462" } ], "release_date": "2009-07-21T23:56:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla Browser engine crashes" }, { "cve": "CVE-2009-2463", "discovery_date": "2009-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "512131" } ], "notes": [ { "category": "description", "text": "Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla Base64 decoding crash", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2463" }, { "category": "external", "summary": "RHBZ#512131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512131" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2463", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2463" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2463", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2463" } ], "release_date": "2009-07-21T23:56:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla Base64 decoding crash" }, { "cve": "CVE-2009-2466", "discovery_date": "2009-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "512136" } ], "notes": [ { "category": "description", "text": "The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and js_LockGCThingRT.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla JavaScript engine crashes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2466" }, { "category": "external", "summary": "RHBZ#512136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512136" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2466", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2466" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2466", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2466" } ], "release_date": "2009-07-21T23:56:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla JavaScript engine crashes" }, { "cve": "CVE-2009-2470", "discovery_date": "2009-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "512145" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla data corruption with SOCKS5 reply", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2470" }, { "category": "external", "summary": "RHBZ#512145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512145" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2470", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2470" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2470", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2470" } ], "release_date": "2009-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Mozilla data corruption with SOCKS5 reply" }, { "cve": "CVE-2009-3072", "discovery_date": "2009-09-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "521688" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Firefox 3.5.3 3.0.14 browser engine crashes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3072" }, { "category": "external", "summary": "RHBZ#521688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521688" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3072", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3072" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3072", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3072" } ], "release_date": "2009-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Firefox 3.5.3 3.0.14 browser engine crashes" }, { "cve": "CVE-2009-3075", "discovery_date": "2009-09-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "521691" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Firefox 3.5.2 3.0.14 JavaScript engine crashes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3075" }, { "category": "external", "summary": "RHBZ#521691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521691" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3075", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3075" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3075", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3075" } ], "release_date": "2009-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Firefox 3.5.2 3.0.14 JavaScript engine crashes" }, { "cve": "CVE-2009-3076", "discovery_date": "2009-09-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "521692" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.", "title": "Vulnerability description" }, { "category": "summary", "text": "Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3076" }, { "category": "external", "summary": "RHBZ#521692", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521692" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3076", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3076" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3076", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3076" } ], "release_date": "2009-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal" }, { "cve": "CVE-2009-3077", "discovery_date": "2009-09-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "521693" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a \"dangling pointer vulnerability.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3077" }, { "category": "external", "summary": "RHBZ#521693", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521693" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3077", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3077" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3077", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3077" } ], "release_date": "2009-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability" }, { "cve": "CVE-2009-3274", "discovery_date": "2009-09-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "524815" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information.", "title": "Vulnerability description" }, { "category": "summary", "text": "Firefox: Predictable /tmp pathname use", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3274" }, { "category": "external", "summary": "RHBZ#524815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524815" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3274", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3274" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3274", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3274" } ], "release_date": "2009-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Firefox: Predictable /tmp pathname use" }, { "cve": "CVE-2009-3376", "discovery_date": "2009-10-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530168" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.", "title": "Vulnerability description" }, { "category": "summary", "text": "Firefox download filename spoofing with RTL override", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3376" }, { "category": "external", "summary": "RHBZ#530168", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530168" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3376", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3376" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3376", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3376" } ], "release_date": "2009-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Firefox download filename spoofing with RTL override" }, { "cve": "CVE-2009-3380", "discovery_date": "2009-10-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530567" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Firefox crashes with evidence of memory corruption", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3380" }, { "category": "external", "summary": "RHBZ#530567", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530567" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3380", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3380" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3380", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3380" } ], "release_date": "2009-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Firefox crashes with evidence of memory corruption" }, { "cve": "CVE-2009-3384", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2009-10-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530164" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.", "title": "Vulnerability description" }, { "category": "summary", "text": "Firefox integer underflow in FTP directory list parser", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3384" }, { "category": "external", "summary": "RHBZ#530164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530164" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3384", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3384" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3384", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3384" } ], "release_date": "2009-10-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Firefox integer underflow in FTP directory list parser" }, { "cve": "CVE-2009-3979", "discovery_date": "2009-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "546694" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla crash with evidence of memory corruption", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3979" }, { "category": "external", "summary": "RHBZ#546694", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546694" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3979", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3979" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3979", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3979" } ], "release_date": "2009-12-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla crash with evidence of memory corruption" }, { "cve": "CVE-2010-0159", "discovery_date": "2010-02-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "566047" } ], "notes": [ { "category": "description", "text": "The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla crashes with evidence of memory corruption (MFSA 2010-01)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0159" }, { "category": "external", "summary": "RHBZ#566047", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566047" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0159", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0159" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0159", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0159" } ], "release_date": "2010-02-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla crashes with evidence of memory corruption (MFSA 2010-01)" }, { "cve": "CVE-2010-0163", "discovery_date": "2010-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "576391" } ], "notes": [ { "category": "description", "text": "Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing.", "title": "Vulnerability description" }, { "category": "summary", "text": "seamonkey/thunderbird: crash when indexing certain messages with attachments", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0163" }, { "category": "external", "summary": "RHBZ#576391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576391" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0163", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0163" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0163", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0163" } ], "release_date": "2010-03-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "seamonkey/thunderbird: crash when indexing certain messages with attachments" }, { "cve": "CVE-2010-0169", "discovery_date": "2010-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "576694" } ], "notes": [ { "category": "description", "text": "The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser\u0027s font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox/thunderbird/seamonkey: browser chrome defacement via cached XUL stylesheets (MFSA 2010-14)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0169" }, { "category": "external", "summary": "RHBZ#576694", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576694" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0169", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0169" } ], "release_date": "2010-03-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "firefox/thunderbird/seamonkey: browser chrome defacement via cached XUL stylesheets (MFSA 2010-14)" }, { "cve": "CVE-2010-0171", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2010-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "576696" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox/thunderbird/seamonkey: XSS using addEventListener and setTimeout on a wrapped object (MFSA 2010-12)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0171" }, { "category": "external", "summary": "RHBZ#576696", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576696" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0171", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0171" } ], "release_date": "2010-03-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-17T12:38:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0153" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-0:2.0.0.24-2.el5_4.src", "5Client:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.src", "5Server-DPAS:thunderbird-0:2.0.0.24-2.el5_4.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-2.el5_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "firefox/thunderbird/seamonkey: XSS using addEventListener and setTimeout on a wrapped object (MFSA 2010-12)" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.