rhsa-2010_0545
Vulnerability from csaf_redhat
Published: 2010-07-21 01:18
Modified: 2024-11-22 03:33
Summary: Red Hat Security Advisory: thunderbird security update
Notes
Topic
An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
A memory corruption flaw was found in the way Thunderbird decoded certain
PNG images. An attacker could create a mail message containing a
specially crafted PNG image that, when opened, could cause Thunderbird to
crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-1205)
Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,
CVE-2010-1214, CVE-2010-2753)
An integer overflow flaw was found in the processing of malformed HTML mail
content. An HTML mail message containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2010-1199)
Several use-after-free flaws were found in Thunderbird. Viewing an HTML
mail message containing malicious content could result in Thunderbird
executing arbitrary code with the privileges of the user running
Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)
A flaw was found in the way Thunderbird plug-ins interact. It was possible
for a plug-in to reference the freed memory from a different plug-in,
resulting in the execution of arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-1198)
A flaw was found in the way Thunderbird handled the "Content-Disposition:
attachment" HTTP header when the "Content-Type: multipart" HTTP header was
also present. Loading remote HTTP content that allows arbitrary uploads and
relies on the "Content-Disposition: attachment" HTTP header to prevent
content from being displayed inline could be used by an attacker to serve
malicious content to users. (CVE-2010-1197)
A same-origin policy bypass flaw was found in Thunderbird. Remote HTML
content could steal private data from different remote HTML content
Thunderbird has loaded. (CVE-2010-2754)
All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated thunderbird package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA memory corruption flaw was found in the way Thunderbird decoded certain\nPNG images. An attacker could create a mail message containing a\nspecially-crafted PNG image that, when opened, could cause Thunderbird to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1205)\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\nCVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. 
Viewing an HTML\nmail message containing malicious content could result in Thunderbird\nexecuting arbitrary code with the privileges of the user running\nThunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. Loading remote HTTP content that allows arbitrary uploads and\nrelies on the \"Content-Disposition: attachment\" HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to serve\nmalicious content to users. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0545", "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "578147", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578147" }, { "category": "external", "summary": "578149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578149" }, { "category": "external", "summary": "578150", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578150" }, { "category": "external", "summary": "578152", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578152" }, { "category": "external", "summary": "590804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590804" }, { "category": "external", "summary": "590828", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590828" }, { "category": "external", "summary": "590833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590833" }, { "category": "external", "summary": "590850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590850" }, { "category": "external", "summary": "608238", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238" }, { "category": "external", "summary": "615455", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615455" }, { "category": "external", "summary": "615462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615462" }, { "category": "external", "summary": "615466", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=615466" }, { "category": "external", "summary": "615488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615488" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0545.json" } ], "title": "Red Hat Security Advisory: thunderbird security update", "tracking": { "current_release_date": "2024-11-22T03:33:53+00:00", "generator": { "date": "2024-11-22T03:33:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2010:0545", "initial_release_date": "2010-07-21T01:18:00+00:00", "revision_history": [ { "date": "2010-07-21T01:18:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-07-20T21:18:47+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:33:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_productivity:5" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 
5 client)", "product_id": "5Client", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:2.0.0.24-6.el5.src", "product": { "name": "thunderbird-0:2.0.0.24-6.el5.src", "product_id": "thunderbird-0:2.0.0.24-6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@2.0.0.24-6.el5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:2.0.0.24-6.el5.x86_64", "product": { "name": "thunderbird-0:2.0.0.24-6.el5.x86_64", "product_id": "thunderbird-0:2.0.0.24-6.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@2.0.0.24-6.el5?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "product": { "name": "thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "product_id": "thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@2.0.0.24-6.el5?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:2.0.0.24-6.el5.i386", "product": { "name": "thunderbird-0:2.0.0.24-6.el5.i386", "product_id": "thunderbird-0:2.0.0.24-6.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@2.0.0.24-6.el5?arch=i386" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "product": { "name": "thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "product_id": "thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@2.0.0.24-6.el5?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], 
"relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:2.0.0.24-6.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:thunderbird-0:2.0.0.24-6.el5.i386" }, "product_reference": "thunderbird-0:2.0.0.24-6.el5.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:2.0.0.24-6.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:thunderbird-0:2.0.0.24-6.el5.src" }, "product_reference": "thunderbird-0:2.0.0.24-6.el5.src", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:2.0.0.24-6.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64" }, "product_reference": "thunderbird-0:2.0.0.24-6.el5.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:2.0.0.24-6.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386" }, "product_reference": "thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" }, "product_reference": "thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:2.0.0.24-6.el5.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 
5 server)", "product_id": "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386" }, "product_reference": "thunderbird-0:2.0.0.24-6.el5.i386", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:2.0.0.24-6.el5.src as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src" }, "product_reference": "thunderbird-0:2.0.0.24-6.el5.src", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:2.0.0.24-6.el5.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64" }, "product_reference": "thunderbird-0:2.0.0.24-6.el5.x86_64", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:2.0.0.24-6.el5.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386" }, "product_reference": "thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 
5 server)", "product_id": "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" }, "product_reference": "thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "relates_to_product_reference": "5Server-DPAS" } ] }, "vulnerabilities": [ { "cve": "CVE-2010-0174", "discovery_date": "2010-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578147" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla crashes with evidence of memory corruption", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0174" }, { "category": "external", "summary": "RHBZ#578147", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=578147" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0174", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0174" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0174", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0174" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-07-21T01:18:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0545" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", 
"5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla crashes with evidence of memory corruption" }, { "cve": "CVE-2010-0175", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2010-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578149" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla remote code execution with use-after-free in nsTreeSelection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", 
"5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0175" }, { "category": "external", "summary": "RHBZ#578149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578149" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0175", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0175" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-07-21T01:18:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0545" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ 
"5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla remote code execution with use-after-free in nsTreeSelection" }, { "cve": "CVE-2010-0176", "discovery_date": "2010-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578150" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a \"dangling pointer vulnerability.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla Dangling pointer vulnerability in nsTreeContentView", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", 
"5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0176" }, { "category": "external", "summary": "RHBZ#578150", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578150" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0176", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0176" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0176", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0176" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-07-21T01:18:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0545" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla Dangling pointer vulnerability in nsTreeContentView" }, { "cve": "CVE-2010-0177", "discovery_date": "2010-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "578152" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x 
before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a \"dangling pointer vulnerability.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla Dangling pointer vulnerability in nsPluginArray", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0177" }, { "category": "external", "summary": "RHBZ#578152", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578152" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0177", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0177" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0177", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0177" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2010-07-21T01:18:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0545" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla Dangling pointer vulnerability in nsPluginArray" }, { "cve": "CVE-2010-1197", "discovery_date": 
"2010-05-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "590850" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both \"Content-Disposition: attachment\" and \"Content-Type: multipart\" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.", "title": "Vulnerability description" }, { "category": "summary", "text": "Content-Disposition: attachment ignored if Content-Type: multipart also present", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1197" }, { "category": "external", "summary": "RHBZ#590850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590850" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1197", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1197", 
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1197" } ], "release_date": "2010-06-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-07-21T01:18:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0545" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] } ], "threats": [ { "category": 
"impact", "details": "Moderate" } ], "title": "Content-Disposition: attachment ignored if Content-Type: multipart also present" }, { "cve": "CVE-2010-1198", "discovery_date": "2010-05-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "590828" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla Freed object reuse across plugin instances", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1198" }, { "category": "external", "summary": "RHBZ#590828", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590828" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1198", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1198" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2010-1198", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1198" } ], "release_date": "2010-06-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-07-21T01:18:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0545" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", 
"5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla Freed object reuse across plugin instances" }, { "cve": "CVE-2010-1199", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2010-05-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "590833" } ], "notes": [ { "category": "description", "text": "Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla Integer Overflow in XSLT Node Sorting", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1199" }, { "category": "external", "summary": "RHBZ#590833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590833" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2010-1199", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1199" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1199", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1199" } ], "release_date": "2010-06-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-07-21T01:18:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0545" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", 
"5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla Integer Overflow in XSLT Node Sorting" }, { "cve": "CVE-2010-1200", "discovery_date": "2010-05-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "590804" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla Crashes with evidence of memory corruption", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1200" }, { "category": "external", "summary": 
"RHBZ#590804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590804" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1200", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1200" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1200", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1200" } ], "release_date": "2010-06-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-07-21T01:18:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0545" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", 
"5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla Crashes with evidence of memory corruption" }, { "cve": "CVE-2010-1205", "discovery_date": "2010-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "608238" } ], "notes": [ { "category": "description", "text": "Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.", "title": "Vulnerability description" }, { "category": "summary", "text": "libpng: out-of-bounds memory write", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1205" }, { 
"category": "external", "summary": "RHBZ#608238", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1205", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1205" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1205", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1205" } ], "release_date": "2010-06-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-07-21T01:18:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0545" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", 
"5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "libpng: out-of-bounds memory write" }, { "cve": "CVE-2010-1211", "discovery_date": "2010-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "615455" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla miscellaneous memory safety hazards", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] }, 
"references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1211" }, { "category": "external", "summary": "RHBZ#615455", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615455" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1211", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1211" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1211", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1211" } ], "release_date": "2010-07-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-07-21T01:18:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0545" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", 
"5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla miscellaneous memory safety hazards" }, { "cve": "CVE-2010-1214", "discovery_date": "2010-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "615462" } ], "notes": [ { "category": "description", "text": "Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", 
"5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1214" }, { "category": "external", "summary": "RHBZ#615462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1214", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1214" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1214", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1214" } ], "release_date": "2010-07-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-07-21T01:18:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0545" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ 
"5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability" }, { "cve": "CVE-2010-2753", "discovery_date": "2010-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "615466" } ], "notes": [ { "category": "description", "text": "Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla nsTreeSelection dangling pointer remote code execution vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", 
"5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-2753" }, { "category": "external", "summary": "RHBZ#615466", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615466" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-2753", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2753" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2753", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2753" } ], "release_date": "2010-07-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-07-21T01:18:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0545" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla nsTreeSelection dangling pointer remote code execution vulnerability" }, { "cve": "CVE-2010-2754", "discovery_date": "2010-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "615488" } ], "notes": [ { "category": "description", "text": "dom/base/nsJSEnvironment.cpp in Mozilla 
Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script\u0027s URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla Cross-origin data leakage from script filename in error messages", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-2754" }, { "category": "external", "summary": "RHBZ#615488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615488" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-2754", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2754" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2754", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2754" } ], "release_date": 
"2010-07-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-07-21T01:18:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0545" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client:thunderbird-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-0:2.0.0.24-6.el5.src", "5Client:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Client:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.src", "5Server-DPAS:thunderbird-0:2.0.0.24-6.el5.x86_64", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.i386", "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.24-6.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla Cross-origin data 
leakage from script filename in error messages" } ] }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.