Mozilla Thunderbird is a standalone mail and newsgroup client.
Two flaws were found in the way Thunderbird processed certain regular
expressions. A malicious HTML email could cause a crash or possibly
execute arbitrary code as the user running Thunderbird. (CVE-2006-4565,
CVE-2006-4566)
A flaw was found in the Thunderbird auto-update verification system. An
attacker who has the ability to spoof a victim’s DNS could get Firefox to
download and install malicious code. In order to exploit this issue an
attacker would also need to get a victim to previously accept an
unverifiable certificate. (CVE-2006-4567)
A flaw was found in the handling of Javascript timed events. A malicious
HTML email could crash the browser or possibly execute arbitrary code as
the user running Thunderbird. (CVE-2006-4253)
Daniel Bleichenbacher recently described an implementation error in RSA
signature verification. For RSA keys with exponent 3 it is possible for an
attacker to forge a signature that which would be incorrectly verified by
the NSS library. (CVE-2006-4340)
A flaw was found in Thunderbird that triggered when a HTML message
contained a remote image pointing to a XBL script. An attacker could have
created a carefully crafted message which would execute Javascript if
certain actions were performed on the email by the recipient, even if
Javascript was disabled. (CVE-2006-4570)
A number of flaws were found in Thunderbird. A malicious HTML email could
cause a crash or possibly execute arbitrary code as the user running
Thunderbird. (CVE-2006-4571)
Users of Thunderbird are advised to upgrade to this update, which contains
Thunderbird version 1.5.0.7 that corrects these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 4 | src | thunderbird | < 1.5.0.7-0.1.el4 | thunderbird-1.5.0.7-0.1.el4.src.rpm |
RedHat | 4 | s390x | thunderbird | < 1.5.0.7-0.1.el4 | thunderbird-1.5.0.7-0.1.el4.s390x.rpm |
RedHat | 4 | ia64 | thunderbird | < 1.5.0.7-0.1.el4 | thunderbird-1.5.0.7-0.1.el4.ia64.rpm |
RedHat | 4 | i386 | thunderbird | < 1.5.0.7-0.1.el4 | thunderbird-1.5.0.7-0.1.el4.i386.rpm |
RedHat | 4 | x86_64 | thunderbird | < 1.5.0.7-0.1.el4 | thunderbird-1.5.0.7-0.1.el4.x86_64.rpm |
RedHat | 4 | s390 | thunderbird | < 1.5.0.7-0.1.el4 | thunderbird-1.5.0.7-0.1.el4.s390.rpm |
RedHat | 4 | ppc | thunderbird | < 1.5.0.7-0.1.el4 | thunderbird-1.5.0.7-0.1.el4.ppc.rpm |