[FEDORA-2008-6706] Fedora 8: thunderbird
Updated thunderbird packages that fix several security issues are now available
for Fedora 8. Several flaws were found in the processing of malformed HTML
content. An HTML mail containing malicious content could cause Thunderbird to
crash or, potentially, execute arbitrary code as the user running Thunderbird.
(CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2811) Multiple flaws
were found in the processing of malformed JavaScript content. An HTML mail
containing such malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code as the user running Thunderbird.
(CVE-2008-2802, CVE-2008-2803) A flaw was found in the way a malformed
.properties file was processed by Thunderbird. A malicious extension could read
uninitialized memory, possibly leaking sensitive data to the extension.
(CVE-2008-2807) A flaw was found in the way Thunderbird displayed information
about self-signed certificates. It was possible for a self-signed certificate to
contain multiple alternate name entries, which were not all displayed to the
user, allowing them to mistakenly extend trust to an unknown site.
(CVE-2008-2809) Thunderbird was updated to upstream version 2.0.0.16 to
address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/thunderbird20.html#thunderbird2.0.0.16
| Package | Affected Version |
|---|---|
 pkg:rpm/fedora/thunderbird?distro=fedora-8
|
< 2.0.0.16.1.fc8 |
- ID
- FEDORA-2008-6706
- Severity
- high
- Severity from
- CVE-2008-2798
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2008-6706
- Published
-
2008-08-07T23:56:32
(16 years ago) - Modified
-
2008-08-07T23:56:32
(16 years ago) - Rights
- Copyright 2008 Red Hat, Inc.
- Other Advisories
ELSA-2008-0569
GLSA-200808-03
USN-619-1
VU:607267| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 452600 | Bug #452600 - CVE-2008-2802 Firefox arbitrary JavaScript code execution |
|
| Bugzilla | 452602 | Bug #452602 - CVE-2008-2803 Firefox javascript arbitrary code execution |
|
| Bugzilla | 452597 | Bug #452597 - CVE-2008-2798 Firefox malformed web content flaws |
|
| Bugzilla | 452709 | Bug #452709 - CVE-2008-2807 Firefox .properties memory leak |
|
| Bugzilla | 452598 | Bug #452598 - CVE-2008-2799 Firefox javascript arbitrary code execution |
|
| Bugzilla | 453007 | Bug #453007 - CVE-2008-2811 Firefox block reflow flaw |
|
| Bugzilla | 452204 | Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349) |
|
| Bugzilla | 452711 | Bug #452711 - CVE-2008-2809 Firefox self signed certificate flaw |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/fedora/thunderbird?distro=fedora-8 | fedora |
thunderbird
|
< 2.0.0.16.1.fc8 | fedora-8 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |