FSA/F7/FEDORA-2007-1180

[SECURITY] Fedora 7 Update: thunderbird-2.0.0.5-1.fc7
Fedora Update Notification FEDORA-2007-1180 2007-07-20 12:32:17.311992

Name        : thunderbird
Product     : Fedora 7
Version     : 2.0.0.5
Release     : 1.fc7
Summary     : Mozilla Thunderbird mail/newsgroup client
Description : Mozilla Thunderbird is a standalone mail and newsgroup client.

Update Information:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738)

Users of Thunderbird are advised to upgrade to these erratum packages, which contain patches that correct these issues.

ChangeLog:

 * Fri Jul 20 2007 Kai Engert - 2.0.0.5-1
   - 2.0.0.5
 * Fri Jun 15 2007 Christopher Aillon 2.0.0.4-1
   - 2.0.0.4
 * Fri Jun 8 2007 Christopher Aillon 2.0.0.4-0.rc1
   - 2.0.0.4 rc1

References:

[ 1 ] Bug #248518 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248518
[ 2 ] CVE-2007-3734 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
[ 3 ] CVE-2007-3735 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
[ 4 ] CVE-2007-3736 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
[ 5 ] CVE-2007-3089 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
[ 6 ] CVE-2007-3737 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
[ 7 ] CVE-2007-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738

Updated packages:

406b91a7a359a5116abc1de38d66f02475330193 thunderbird-2.0.0.5-1.fc7.ppc64.rpm
2b7400c86c54e4b77fda5c8c5d7f6e57e3a4eadb thunderbird-debuginfo-2.0.0.5-1.fc7.ppc64.rpm
f7f02885088254a8257fd6d20728785a600adaf5 thunderbird-debuginfo-2.0.0.5-1.fc7.i386.rpm
34c53a1f3b96d014e8bb6ca02704590be0baa980 thunderbird-2.0.0.5-1.fc7.i386.rpm
4d5328a7b0744d9cb9f73648e959c0cc7d62dee1 thunderbird-debuginfo-2.0.0.5-1.fc7.x86_64.rpm
1c57f5e01d960b6a0600cc7817764f13602058e7 thunderbird-2.0.0.5-1.fc7.x86_64.rpm
1c5eaadb7684dac209c38b9f1fcff1a002caed2c thunderbird-debuginfo-2.0.0.5-1.fc7.ppc.rpm
0fe3b5c19898df0c2976fdc8e19482dbe0903707 thunderbird-2.0.0.5-1.fc7.ppc.rpm
d8525d565bd1523e8763f0aee0ec463257af98e2 thunderbird-2.0.0.5-1.fc7.src.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://docs.fedoraproject.org/yum/.