[FEDORA-2009-2884] Fedora 9: thunderbird
Severity
High
Affected Packages
1
CVEs
8
Several flaws were found in the processing of malformed HTML mail content. An
HTML mail message containing malicious content could cause Thunderbird to crash
or, potentially, execute arbitrary code as the user running Thunderbird.
(CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774,
CVE-2009-0775) Several flaws were found in the way malformed content was
processed. An HTML mail message containing specially-crafted content could
potentially trick a Thunderbird user into surrendering sensitive information.
(CVE-2009-0355, CVE-2009-0776) Note: JavaScript support is disabled by
default in Thunderbird. None of the above issues are exploitable unless
JavaScript is enabled.
| Package | Affected Version |
|---|---|
 pkg:rpm/fedora/thunderbird?distro=fedora-9
|
< 2.0.0.21.1.fc9 |
- ID
- FEDORA-2009-2884
- Severity
- high
- Severity from
- CVE-2009-0352
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2009-2884
- Published
-
2009-03-21T01:29:45
(15 years ago) - Modified
-
2009-03-21T01:29:45
(15 years ago) - Rights
- Copyright 2009 Red Hat, Inc.
- Other Advisories
-
-
ELSA-2009-0256
-
ELSA-2009-0315
-
ELSA-2009-0333
-
FEDORA-2009-1398
-
FEDORA-2009-1399
-
FEDORA-2009-1976
-
FEDORA-2009-2045
-
FEDORA-2009-2112
-
FEDORA-2009-2128
-
FEDORA-2009-2131
-
FEDORA-2009-2421
-
FEDORA-2009-2422
-
FEDORA-2009-2882
-
FEDORA-2009-3101
-
FEDORA-2009-3161
-
FEDORA-2009-6531
-
FEDORA-2009-6603
-
FREEBSD:8B491182-F842-11DD-94D9-0030843D3802
-
FREEBSD:EA2411A4-08E8-11DE-B88A-0022157515B2
-
GLSA-200903-28
-
GLSA-201209-25
-
GLSA-201301-01
-
GLSA-201412-08
-
SSA:2009-051-01
-
USN-717-1
-
USN-717-2
-
USN-728-1
-
USN-728-2
-
USN-728-3
-
USN-730-1
-
USN-741-1
-
VU:649212
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 488290 | Bug #488290 - CVE-2009-0776 Firefox XML data theft via RDFXMLDataSource and cross-domain redirect |
|
| Bugzilla | 488273 | Bug #488273 - CVE-2009-0772 Firefox 2 and 3 - Layout engine crashes |
|
| Bugzilla | 486355 | Bug #486355 - CVE-2009-0040 libpng arbitrary free() flaw |
|
| Bugzilla | 483141 | Bug #483141 - CVE-2009-0353 Firefox javascript crashes with evidence of memory corruption |
|
| Bugzilla | 483139 | Bug #483139 - CVE-2009-0352 Firefox layout crashes with evidence of memory corruption |
|
| Bugzilla | 483143 | Bug #483143 - CVE-2009-0355 Firefox local file stealing with SessionStore |
|
| Bugzilla | 488287 | Bug #488287 - CVE-2009-0775 Firefox XUL Linked Clones Double Free Vulnerability |
|
| Bugzilla | 488283 | Bug #488283 - CVE-2009-0774 Firefox 2 and 3 crashes in the JavaScript engine |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/fedora/thunderbird?distro=fedora-9 | fedora |
thunderbird
|
< 2.0.0.21.1.fc9 | fedora-9 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |