Oval Definition:oval:com.redhat.rhsa:def:20060760
Revision Date:2006-12-19Version:635
Title:RHSA-2006:0760: thunderbird security update (Critical)
Description:Mozilla Thunderbird is a standalone mail and newsgroup client.

  • Several flaws were found in the way Thunderbird processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; this issue is not exploitable without enabling JavaScript. (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)

  • Several flaws were found in the way Thunderbird renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-6497)

    A heap based buffer overflow flaw was found in the way Thunderbird parses the Content-Type mail header. A malicious mail message could cause the Thunderbird client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-6505)

    Users of Thunderbird are advised to apply this update, which contains Thunderbird version 1.5.0.9 that corrects these issues.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2006-6497
    CVE-2006-6498
    CVE-2006-6501
    CVE-2006-6502
    CVE-2006-6503
    CVE-2006-6504
    CVE-2006-6505
    RHSA-2006:0760
    RHSA-2006:0760-01
    RHSA-2006:0760-01
    Platform(s):Red Hat Enterprise Linux 4
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND thunderbird is earlier than 0:1.5.0.9-0.1.el4
  • AND thunderbird is signed with Red Hat redhatrelease2 key
  • BACK