Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2014:1145
HistorySep 03, 2014 - 12:00 a.m.

(RHSA-2014:1145) Important: thunderbird security update

2014-09-0300:00:00
access.redhat.com
19

EPSS

0.12

Percentile

95.5%

JSON

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1562, CVE-2014-1567)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Jan de Mooij as the original reporter of
CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567.

Note: All of the above issues cannot be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.8.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.8.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat5i386thunderbird-debuginfo< 24.8.0-1.el5_10thunderbird-debuginfo-24.8.0-1.el5_10.i386.rpm
RedHat5x86_64thunderbird< 24.8.0-1.el5_10thunderbird-24.8.0-1.el5_10.x86_64.rpm
RedHat6x86_64thunderbird-debuginfo< 24.8.0-1.el6_5thunderbird-debuginfo-24.8.0-1.el6_5.x86_64.rpm
RedHat6ppc64thunderbird< 24.8.0-1.el6_5thunderbird-24.8.0-1.el6_5.ppc64.rpm
RedHat6srcthunderbird< 24.8.0-1.el6_5thunderbird-24.8.0-1.el6_5.src.rpm
RedHat5x86_64thunderbird-debuginfo< 24.8.0-1.el5_10thunderbird-debuginfo-24.8.0-1.el5_10.x86_64.rpm
RedHat6s390xthunderbird-debuginfo< 24.8.0-1.el6_5thunderbird-debuginfo-24.8.0-1.el6_5.s390x.rpm
RedHat5srcthunderbird< 24.8.0-1.el5_10thunderbird-24.8.0-1.el5_10.src.rpm
RedHat6i686thunderbird-debuginfo< 24.8.0-1.el6_5thunderbird-debuginfo-24.8.0-1.el6_5.i686.rpm
RedHat6x86_64thunderbird< 24.8.0-1.el6_5thunderbird-24.8.0-1.el6_5.x86_64.rpm
Rows per page:
1-10 of 141

Related

redhat 1
suse 9
openvas 37
nessus 28
centos 2
ibm 3
osv 2
oraclelinux 2
debian 2
mageia 2
veracode 2
prion 2
cvelist 2
cve 2
nvd 2
ubuntucve 2
mozilla 2
zdi 1
ubuntu 2
securityvulns 1
gentoo 1
redhat
redhat
(RHSA-2014:1144) Critical: firefox security update
2014-09-03 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2014-09-10 05:04:21
Security update for MozillaFirefox (important)
2014-09-11 00:04:22
Security update for MozillaFirefox (important)
2014-09-12 19:04:15
openvas
openvas
CentOS Update for thunderbird CESA-2014:1145 centos5
2014-09-05 00:00:00
Debian: Security Advisory (DSA-3018-1)
2014-09-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1112-2)
2021-06-09 00:00:00
nessus
nessus
Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20140903)
2014-09-05 00:00:00
Firefox ESR 24.x < 24.8 Multiple Vulnerabilities
2014-09-03 00:00:00
Firefox ESR 24.x < 24.8 Multiple Vulnerabilities (Mac OS X)
2014-09-03 00:00:00
centos
centos
firefox, xulrunner security update
2014-09-03 23:09:36
thunderbird security update
2014-09-03 23:55:41
ibm
ibm
Security Bulletin: IBM SONAS security vulnerabilities related to Mozilla Firefox (CVE-2014-1562, CVE-2014-1567)
2018-06-18 00:08:42
Security Bulletin: Vulnerabilities in Firefox affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance (CVE-2014-1562, CVE-2014-1567)
2018-06-17 22:30:12
Security Bulletin: Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified (CVE-2014-1562, CVE-2014-1567)
2018-06-18 00:08:42
osv
osv
icedove - security update
2014-09-17 00:00:00
iceweasel - security update
2014-09-03 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2014-09-03 00:00:00
firefox security update
2014-09-03 00:00:00
debian
debian
[SECURITY] [DSA 3028-1] icedove security update
2014-09-17 19:55:13
[SECURITY] [DSA 3018-1] iceweasel security update
2014-09-03 10:44:11
mageia
mageia
Updated firefox & thunderbird packages fix security vulnerabilities
2014-09-05 13:07:37
Updated iceape package fixes security vulnerabilities
2014-10-23 17:27:57
veracode
veracode
Use-after-Free
2019-05-02 05:03:53
Denial Of Service (DoS)
2019-01-15 09:00:17
prion
prion
Memory corruption
2014-09-03 10:55:00
Design/Logic Flaw
2014-09-03 10:55:00
cvelist
cvelist
CVE-2014-1562
2014-09-03 10:00:00
CVE-2014-1567
2014-09-03 10:00:00
cve
cve
CVE-2014-1562
2014-09-03 10:55:06
CVE-2014-1567
2014-09-03 10:55:06
nvd
nvd
CVE-2014-1567
2014-09-03 10:55:06
CVE-2014-1562
2014-09-03 10:55:06
ubuntucve
ubuntucve
CVE-2014-1562
2014-09-02 00:00:00
CVE-2014-1567
2014-09-02 00:00:00
mozilla
mozilla
Use-after-free setting text directionality — Mozilla
2014-09-02 00:00:00
Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8) — Mozilla
2014-09-02 00:00:00
zdi
zdi
Mozilla Firefox DirectionalityUtils Use-After-Free Remote Code Execution Vulnerability
2014-09-03 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2014-09-11 00:00:00
Firefox vulnerabilities
2014-09-02 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-09-15 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00

EPSS

0.12

Percentile

95.5%

JSON
Related for RHSA-2014:1145
redhat1suse9openvas37nessus28centos2ibm3osv2oraclelinux2debian2mageia2veracode2prion2cvelist2cve2nvd2ubuntucve2mozilla2zdi1ubuntu2securityvulns1gentoo1