GLSA Advocate
Posted: Sun Nov 18, 2007 11:26 pm Post subject: [ GLSA 200711-24 ] Mozilla Thunderbird: Multiple vulnerabili
Gentoo Linux Security Advisory
Title: Mozilla Thunderbird: Multiple vulnerabilities (GLSA 200711-24)
Severity: normal
Exploitable: remote
Date: November 18, 2007
Bug(s): #196481
ID: 200711-24
Synopsis
Multiple vulnerabilities have been reported in Mozilla Thunderbird, which
may allow user-assisted arbitrary remote code execution.
Background
Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.
Affected Packages
Package: mail-client/mozilla-thunderbird
Vulnerable: < 2.0.0.9
Unaffected: >= 2.0.0.9
Architectures: All supported architectures
Package: mail-client/mozilla-thunderbird-bin
Vulnerable: < 2.0.0.9
Unaffected: >= 2.0.0.9
Architectures: All supported architectures
Description
Multiple vulnerabilities have been reported in Mozilla Thunderbird's
HTML browser engine (CVE-2007-5339) and JavaScript engine
(CVE-2007-5340) that can be exploited to cause memory corruption.
Impact
A remote attacker could entice a user to read a specially crafted email
that could trigger one of the vulnerabilities, possibly leading to the
execution of arbitrary code.
Workaround
There is no known workaround at this time for all of these issues, but
some of them can be avoided by disabling JavaScript.
Resolution
All Mozilla Thunderbird users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.9"
All Mozilla Thunderbird binary users should upgrade to the latest
version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.9"
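To confirm a host is past the 2.0.0.9 threshold after upgrading, the following added example (not part of the advisory or of Gentoo's tooling) reads package directory names from Portage's installed-package database and compares them against the fixed version. The function names `ver_lt`, `audit_vdb` and `demo` and the sample directory tree are constructed for illustration; versions carrying suffixes such as `_rc1` are reported for manual review rather than compared.

```shell
#!/bin/sh
# Added example (not from the advisory): flag installed Thunderbird packages
# older than the fixed version by reading a Portage VDB directory tree.
FIXED="2.0.0.9"   # "Unaffected: >= 2.0.0.9" from the advisory

# ver_lt A B: true when dotted numeric version A is lower than B.
# Missing components count as 0 (so 2.0 < 2.0.0.9).
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# audit_vdb [DIR]: one status line per installed package; returns 1 if any
# entry is vulnerable or could not be compared. DIR defaults to /var/db/pkg.
audit_vdb() {
    vdb=${1:-/var/db/pkg} rc=0
    for pkg in mozilla-thunderbird mozilla-thunderbird-bin; do
        for d in "$vdb"/mail-client/"$pkg"-[0-9]*; do
            [ -d "$d" ] || continue
            name=${d##*/}              # e.g. mozilla-thunderbird-2.0.0.6-r1
            v=${name#"$pkg"-}          # 2.0.0.6-r1
            v=${v%%-r[0-9]*}           # drop the ebuild revision
            case $v in
                *[!0-9.]*) echo "REVIEW mail-client/$name"; rc=1 ;;
                *) if ver_lt "$v" "$FIXED"; then
                       echo "VULNERABLE mail-client/$name"; rc=1
                   else
                       echo "ok mail-client/$name"
                   fi ;;
            esac
        done
    done
    return $rc
}

# demo: run the audit against a constructed VDB (sample data, not a real host).
demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/mail-client/mozilla-thunderbird-2.0.0.6-r1" \
             "$t/mail-client/mozilla-thunderbird-bin-2.0.0.9"
    s=0; audit_vdb "$t" || s=$?
    rm -rf "$t"
    return $s
}
```

On a Gentoo host, calling `audit_vdb` with no argument checks the live `/var/db/pkg`; `demo` runs the same check against the constructed sample tree.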
References
CVE-2007-5339
CVE-2007-5340
GLSA 200711-14
Last edited by GLSA on Mon Jun 10, 2013 4:26 am; edited 5 times in total