[Secure-testing-team] Bug#505563: Mozilla Thunderbird Multiple Vulnerabilities
Giuseppe Iuculano
giuseppe at iuculano.it
Thu Nov 13 15:08:02 UTC 2008
Package: icedove
Severity: critical
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
The following SA (Secunia Advisory) id was published for Thunderbird:
SA32715[1]
Description:
Some vulnerabilities have been reported in Mozilla Thunderbird, which
can be exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, or compromise a user's system.
For more information:
SA32693
The vulnerabilities are reported in versions prior to 2.0.0.18.
Solution:
The vulnerabilities will be fixed in the upcoming 2.0.0.18 version.
The vendor recommends disabling JavaScript support.
Original Advisory:
http://www.mozilla.org/security/announce/2008/mfsa2008-48.html
http://www.mozilla.org/security/announce/2008/mfsa2008-50.html
http://www.mozilla.org/security/announce/2008/mfsa2008-52.html
http://www.mozilla.org/security/announce/2008/mfsa2008-55.html
http://www.mozilla.org/security/announce/2008/mfsa2008-56.html
http://www.mozilla.org/security/announce/2008/mfsa2008-58.html
Other References:
SA32693[2]
CVE reference:
CVE-2008-5012
CVE-2008-5014
CVE-2008-5017
CVE-2008-5018
CVE-2008-5021
CVE-2008-5022
CVE-2008-5024
If you fix the vulnerability please also make sure to include the the
CVE id in the changelog entry.
[1]http://secunia.com/advisories/32715/
[2]http://secunia.com/advisories/32693/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkkcQtAACgkQNxpp46476ao5OwCeNCFW4/5lurndSIqfTBQtkC4i
u6EAn0NS5yuBbdPRyHFDYxVdjEPKSIZI
=41lt
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list