CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.5%
CentOS Errata and Security Advisory CESA-2006:0735
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the way Thunderbird processes certain malformed
Javascript code. A malicious HTML mail message could cause the execution of
Javascript code in such a way that could cause Thunderbird to crash or
execute arbitrary code as the user running Thunderbird. (CVE-2006-5463,
CVE-2006-5747, CVE-2006-5748)
Several flaws were found in the way Thunderbird renders HTML mail messages.
A malicious HTML mail message could cause the mail client to crash or
possibly execute arbitrary code as the user running Thunderbird.
(CVE-2006-5464)
A flaw was found in the way Thunderbird verifies RSA signatures. For RSA
keys with exponent 3 it is possible for an attacker to forge a signature
that would be incorrectly verified by the NSS library. Thunderbird as
shipped trusts several root Certificate Authorities that use exponent 3. An
attacker could have created a carefully crafted SSL certificate which would
be incorrectly trusted when their site was visited by a victim. This flaw
was previously thought to be fixed in Thunderbird 1.5.0.7, however Ulrich
Kuehn discovered the fix was incomplete (CVE-2006-5462)
Users of Thunderbird are advised to upgrade to this update, which contains
Thunderbird version 1.5.0.8 that corrects these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-November/075545.html
https://lists.centos.org/pipermail/centos-announce/2006-November/075546.html
Affected packages:
thunderbird
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0735
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | x86_64 | thunderbird | < 1.5.0.8-0.1.el4.centos4 | thunderbird-1.5.0.8-0.1.el4.centos4.x86_64.rpm |
CentOS | 4 | i386 | thunderbird | < 1.5.0.8-0.1.el4.centos4 | thunderbird-1.5.0.8-0.1.el4.centos4.i386.rpm |