Mozilla Thunderbird: Moderate Security Update

Users of Mozilla Thunderbird please be advised of a moderate security update that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

RHSA-2010:0896-01: [RHSA-2010:0896-01] Moderate: thunderbird security update
Product: Red Hat Enterprise Linux
Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

A race condition flaw was found in the way Thunderbird handled Document

Object Model (DOM) element properties. An HTML mail message containing

malicious content could cause Thunderbird to crash or, potentially, execute

arbitrary code with the privileges of the user running Thunderbird.

(CVE-2010-3765)

Several flaws were found in the processing of malformed HTML mail content.

An HTML mail message containing malicious content could cause Thunderbird

to crash or, potentially, execute arbitrary code with the privileges of the

user running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179,

CVE-2010-3180, CVE-2010-3183)

A same-origin policy bypass flaw was found in Thunderbird. Remote HTML

content could steal private data from different remote HTML content

Thunderbird had loaded. (CVE-2010-3178)
Read more at http://www.criticalwatch.com

 

Advertisements