CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.0%
CentOS Errata and Security Advisory CESA-2006:0760
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the way Thunderbird processes certain malformed
Javascript code. A malicious web page could cause the execution of
Javascript code in such a way that could cause Thunderbird to crash or
execute arbitrary code as the user running Thunderbird. JavaScript support
is disabled by default in Thunderbird; this issue is not exploitable
without enabling JavaScript. (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6503, CVE-2006-6504)
Several flaws were found in the way Thunderbird renders web pages. A
malicious web page could cause the browser to crash or possibly execute
arbitrary code as the user running Thunderbird. (CVE-2006-6497)
A heap based buffer overflow flaw was found in the way Thunderbird parses
the Content-Type mail header. A malicious mail message could cause the
Thunderbird client to crash or possibly execute arbitrary code as the user
running Thunderbird. (CVE-2006-6505)
Users of Thunderbird are advised to apply this update, which contains
Thunderbird version 1.5.0.9 that corrects these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-December/075611.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075613.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075616.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075619.html
Affected packages:
thunderbird
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0760
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | x86_64 | thunderbird | < 1.5.0.9-0.1.el4.centos4 | thunderbird-1.5.0.9-0.1.el4.centos4.x86_64.rpm |
CentOS | 4 | i386 | thunderbird | < 1.5.0.9-0.1.el4.centos4 | thunderbird-1.5.0.9-0.1.el4.centos4.i386.rpm |
CentOS | 4 | ia64 | thunderbird | < 1.5.0.9-0.1.el4.centos4 | thunderbird-1.5.0.9-0.1.el4.centos4.ia64.rpm |
CentOS | 4 | s390 | thunderbird | < 1.5.0.9-0.1.el4.centos4 | thunderbird-1.5.0.9-0.1.el4.centos4.s390.rpm |
CentOS | 4 | s390x | thunderbird | < 1.5.0.9-0.1.el4.centos4 | thunderbird-1.5.0.9-0.1.el4.centos4.s390x.rpm |