[FEDORA-2008-3557] Fedora 8: thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws
were found in the processing of some malformed HTML mail content. An HTML mail
message containing such malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code as the user running Thunderbird.
(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws
were found in the display of malformed web content. An HTML mail message
containing specially-crafted content could, potentially, trick a user into
surrendering sensitive information. (CVE-2008-1234) A flaw was found in the
processing of malformed JavaScript content. An HTML mail message containing
such malicious content could cause Thunderbird to crash or, potentially,
execute arbitrary code as the user running Thunderbird. (CVE-2008-1380)
Note: JavaScript support is disabled by default in Thunderbird; the above issue
is not exploitable unless JavaScript is enabled. All Thunderbird users should
upgrade to these updated packages, which contain backported patches to resolve
these issues.
| Package | Affected Version |
|---|---|
 pkg:rpm/fedora/thunderbird?distro=fedora-8
|
< 2.0.0.14.1.fc8 |
- ID
- FEDORA-2008-3557
- Severity
- high
- Severity from
- CVE-2008-1235
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2008-3557
- Published
-
2008-05-10T13:55:06
(16 years ago) - Modified
-
2008-05-10T13:55:06
(16 years ago) - Rights
- Copyright 2008 Red Hat, Inc.
- Other Advisories
-
-
ELSA-2008-0207
-
ELSA-2008-0222
-
FEDORA-2008-2662
-
FEDORA-2008-2682
-
FEDORA-2008-3231
-
FEDORA-2008-3249
-
FEDORA-2008-3264
-
FEDORA-2008-3283
-
FEDORA-2008-3519
-
FREEBSD:12B336C6-FE36-11DC-B09C-001C2514716C
-
FREEBSD:67BD39BA-12B5-11DD-BAB7-0016179B2DD5
-
GLSA-200805-18
-
GLSA-200808-03
-
SSA:2008-108-01
-
SSA:2008-128-02
-
USN-592-1
-
USN-602-1
-
USN-605-1
-
VU:441529
-
VU:466521
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 440518 | Bug #440518 - CVE-2008-1380 Firefox JavaScript garbage collection crash |
|
| Bugzilla | 438721 | Bug #438721 - CVE-2008-1237 javascript crashes |
|
| Bugzilla | 438717 | Bug #438717 - CVE-2008-1235 chrome privilege via wrong principal |
|
| Bugzilla | 438713 | Bug #438713 - CVE-2008-1233 Mozilla products XPCNativeWrapper pollution |
|
| Bugzilla | 438715 | Bug #438715 - CVE-2008-1234 universal XSS using event handlers |
|
| Bugzilla | 438718 | Bug #438718 - CVE-2008-1236 browser engine crashes |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/fedora/thunderbird?distro=fedora-8 | fedora |
thunderbird
|
< 2.0.0.14.1.fc8 | fedora-8 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |