Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2010:0545
HistoryJul 20, 2010 - 12:00 a.m.

(RHSA-2010:0545) Critical: thunderbird security update

2010-07-2000:00:00
access.redhat.com
14

0.901 High

EPSS

Percentile

98.8%

JSON

Mozilla Thunderbird is a standalone mail and newsgroup client.

A memory corruption flaw was found in the way Thunderbird decoded certain
PNG images. An attacker could create a mail message containing a
specially-crafted PNG image that, when opened, could cause Thunderbird to
crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-1205)

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,
CVE-2010-1214, CVE-2010-2753)

An integer overflow flaw was found in the processing of malformed HTML mail
content. An HTML mail message containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2010-1199)

Several use-after-free flaws were found in Thunderbird. Viewing an HTML
mail message containing malicious content could result in Thunderbird
executing arbitrary code with the privileges of the user running
Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)

A flaw was found in the way Thunderbird plug-ins interact. It was possible
for a plug-in to reference the freed memory from a different plug-in,
resulting in the execution of arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-1198)

A flaw was found in the way Thunderbird handled the “Content-Disposition:
attachment” HTTP header when the “Content-Type: multipart” HTTP header was
also present. Loading remote HTTP content that allows arbitrary uploads and
relies on the “Content-Disposition: attachment” HTTP header to prevent
content from being displayed inline, could be used by an attacker to serve
malicious content to users. (CVE-2010-1197)

A same-origin policy bypass flaw was found in Thunderbird. Remote HTML
content could steal private data from different remote HTML content
Thunderbird has loaded. (CVE-2010-2754)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

Related

openvas 103
oraclelinux 5
centos 6
nessus 31
redhat 5
fedora 35
debian 6
osv 3
securityvulns 2
ubuntu 2
freebsd 1
openvas
openvas
CentOS Update for thunderbird CESA-2010:0545 centos5 i386
2011-08-09 00:00:00
RedHat Update for thunderbird RHSA-2010:0544-01
2010-07-23 00:00:00
CentOS Update for thunderbird CESA-2010:0545 centos5 i386
2011-08-09 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2010-07-21 00:00:00
seamonkey security update
2010-03-30 00:00:00
seamonkey security update
2010-07-21 00:00:00
centos
centos
thunderbird security update
2010-07-22 14:50:56
thunderbird security update
2010-08-06 23:32:55
seamonkey security update
2010-08-16 21:36:58
nessus
nessus
Scientific Linux Security Update : thunderbird on SL5.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 4 : thunderbird (ELSA-2010-0544)
2013-07-12 00:00:00
Scientific Linux Security Update : thunderbird on SL4.x i386/x86_64
2012-08-01 00:00:00
redhat
redhat
(RHSA-2010:0544) Moderate: thunderbird security update
2010-07-20 00:00:00
(RHSA-2010:0546) Critical: seamonkey security update
2010-07-20 00:00:00
(RHSA-2010:0333) Critical: seamonkey security update
2010-03-30 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: sunbird-1.0-0.21.20090916hg.fc12
2010-04-01 01:55:06
[SECURITY] Fedora 13 Update: sunbird-1.0-0.21.20090916hg.fc13
2010-04-01 17:18:40
[SECURITY] Fedora 11 Update: sunbird-1.0-0.16.20090715hg.fc11
2010-04-01 01:53:01
debian
debian
[SECURITY] [DSA 2027-1] New xulrunner packages fix several vulnerabilities
2010-04-03 17:50:19
[SECURITY] [DSA 2075-1] New xulrunner packages fix several vulnerabilities
2010-07-27 19:47:37
[Backports-security-announce] Security Update for xulrunner
2010-07-01 11:54:27
osv
osv
xulrunner - several vulnerabilities
2010-04-03 00:00:00
xulrunner - several vulnerabilities
2010-07-27 00:00:00
xulrunner - several vulnerabilities
2010-06-27 00:00:00
securityvulns
securityvulns
xulrunner multiple security vulnerabilities
2010-04-06 00:00:00
[SECURITY] [DSA 2027-1] New xulrunner packages fix several vulnerabilities
2010-04-06 00:00:00
ubuntu
ubuntu
Firefox 3.0 and Xulrunner vulnerabilities
2010-04-09 00:00:00
Thunderbird vulnerabilities
2010-07-26 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-03-30 00:00:00

0.901 High

EPSS

Percentile

98.8%

JSON
Related for RHSA-2010:0545
openvas103oraclelinux5centos6nessus31redhat5fedora35debian6osv3securityvulns2ubuntu2freebsd1