Debian Security Advisory DSA 1191-1 (mozilla-thunderbird)

Published: 2008-01-17 22:13:11
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.8c.1. For the unstable distribution (sid) these problems have been fixed in version We recommend that you upgrade your Mozilla Thunderbird Linux Distribution Packages.

The remote host is missing an update to mozilla-thunderbird announced via advisory DSA 1191-1. Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER functionallows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code. CVE-2006-4340 Daniel Bleichenbacher recently described an implementation error in RSA signature verification that cause the application to incorrectly trust SSL certificates. CVE-2006-4565, CVE-2006-4566 Priit Laes reported that that a JavaScript regular expression can trigger a heap-based buffer overflow which allows remote attackers to cause a denial of service and possibly execute arbitrary code. CVE-2006-4568 A vulnerability has been discovered that allows remote attackers to bypass the security model and inject content into the sub-frame of another site. CVE-2006-4570 Georgi Guninski demonstrated that even with JavaScript disabled in mail (the default) an attacker can still execute JavaScript when a mail message is viewed, replied to, or forwarded. CVE-2006-4571 Multiple unspecified vulnerabilities in Firefox, Thunderbird and SeaMonkey allow remote attackers to cause a denial of service, corrupt memory, and possibly execute arbitrary code.

Detection Type:
Linux Distribution Package

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

SecurityFocus Bugtraq ID:

CVSS Score

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.