[Full-disclosure] FLEA-2007-0027-1: thunderbird

From: Foresight Linux Essential Announcement Service <foresight-security-noreply@xxxxxxxxxxxxxxxxxx>
Date: Wed, 20 Jun 2007 11:49:51 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0027-1
Published: 2007-06-20

Rating: Major

Updated Versions:
thunderbird=/conary.rpath.com@rpl:devel//foresight.rpath.org@fl:1-devel//1/2.0.0.4-0.1-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.3-0.6-5

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
https://issues.rpath.com/browse/RPL-1425

Description:
Previous versions of the thunderbird package are vulnerable to multiple
vulnerabilities in the layout and javascript engines which are known to
cause a denial-of-service (crash) and could potentially be exploited to
execute arbitrary attacker-provided code. In addition, a man-in-the-middle
attack which could be used to steal the first 3 characters of a passphrase
when using APOP has been fixed.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRnlMkdfwEn07iAtZAQLXaRAAxjFW1+ns4U7DnZERyAdyWFVMILwe3aGW
TjZzpo9SR1T3cGXTCxRgLci/cmS/mHi1Pob7IDXau2/45rYe32AKMf+4hKOyaOyR
Aqc6EmZfYa4smBTtULJiFVPvEmeZU+wBk481XZyjOuug/iCa0oRdo+z6sG5doLXZ
c57jAeoZm+DNrXV1Q3DVL/rE2TLd5KIjctxLysgBrnzdLw5wdv7xSho6+NJjGXe0
LqPY7BPdoAiMLUGTFc/BWAv0YZ1L7k60QpexRlgVvXAJLiirElKCDe0KYv9jIFxb
TJRHrNKAWafyHThYRnKzf/qC2yLy1qBqfbnnwTtJjhAHO/FbpHsMYBeU1H+gFeJM
f8cOEJCpypax85lQkFK9uB+WkeNN04gM+zZHzdiwBfhAJnDOAbL19C/W/EHvhmjM
NMDnPtIsU7xsLo4W8GhZkq8MZ3pULiVK+fdm2VnqQ8keuTCj5e7hp8ra3aKtuF1C
JCISzrrTvw1FC+g1D1HxoUun6/zkGx2zIPPzkK4MBH5kwAvqADhfCx5hqTJrmGri
ET5S0n1UqrJ8rSa8Mmb/mHGaSPPRRE/h10fKkZWgknbjhQpLDTsPGWLMN15GtdyC
6lMX4ykpcUXdUBWop7HVerPk2x3i91VGS0ymPHLana5CKw3fZFpAmGyQzgKdctks
yXSZXBFca08=
=CjxU
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] IPS Evasion with the Apache HTTP Server
Next by Date: [Full-disclosure] sqlninja 0.1.2 released
Previous by thread: [Full-disclosure] CISSP class #2: SQL injection
Next by thread: [Full-disclosure] [ MDKSA-2007:130 ] - Updated proftpd packages fix authentication bypass vulnerability
Index(es):
- Date
- Thread

Relevant Pages

FLEA-2007-0027-1: thunderbird
... Previous versions of the thunderbird package are vulnerable to multiple ... vulnerabilities in the layout and javascript engines which are known to ... Copyright 2007 Foresight Linux Project ...
(Bugtraq)
[Full-disclosure] [ MDVSA-2009:331 ] kdegraphics
... Multiple vulnerabilities has been found and corrected in kdegraphics: ... earlier allow remote attackers to cause a denial of service ... GPG public key of the Mandriva Security Team by executing: ...
(Full-Disclosure)
[ MDVSA-2009:331 ] kdegraphics
... Multiple vulnerabilities has been found and corrected in kdegraphics: ... earlier allow remote attackers to cause a denial of service ... GPG public key of the Mandriva Security Team by executing: ...
(Bugtraq)
AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities
... AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities ... SAMPLE CODE ... used in SQL queries and from the PHP's upload functions. ...
(Bugtraq)
SecurityFocus Microsoft Newsletter #306
... Microsoft Office security, part two ... Microsoft Internet Explorer COM Object Instantiation Daxctle.OCX Heap Buffer Overflow vulnerability. ... Cybozu Garoon Multiple SQL Injection Vulnerabilities ...
(Focus-Microsoft)