Moderate: thunderbird security update
| Advisory: | RHSA-2011:0312-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Moderate |
| Issued on: | 2011-03-01 |
| Last updated on: | 2011-03-01 |
| Affected Products: | RHEL Optional Productivity Applications (v. 5 server) RHEL Optional Productivity Applications EUS (v. 5.6.z server) RHEL Optional Productivity Applications Long Life (v. 5.6 server) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux AS (v. 4.8.z) Red Hat Enterprise Linux Desktop (v. 5 client) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux ES (v. 4.8.z) Red Hat Enterprise Linux WS (v. 4) |
| CVEs (cve.mitre.org): |
CVE-2011-0051 CVE-2011-0053 |
Details
An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed HTML content.
Malicious HTML content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-0051, CVE-2011-0053)
Note: JavaScript support is disabled by default in Thunderbird. The above
issues are not exploitable unless JavaScript is enabled.
All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Updated packages
| RHEL Optional Productivity Applications (v. 5 server) | |
| SRPMS: | |
| thunderbird-2.0.0.24-14.el5_6.src.rpm File outdated by: RHSA-2011:0887 |
MD5: 70495cbf86434e160dc2df9d37c128b5 SHA-256: 4f616834ced89cfc1fed6dbb0c73e53358123683e72e5329e97c48a709ae4815 |
| IA-32: | |
| thunderbird-2.0.0.24-14.el5_6.i386.rpm File outdated by: RHSA-2013:0821 |
MD5: c5881aaff57f4eb664c093f5b3734691 SHA-256: a3838a0c61c688f8c285f002e05a7359ee103c21048d76961ad773ef36600509 |
| x86_64: | |
| thunderbird-2.0.0.24-14.el5_6.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: b093a33b282785055285430a02c7a0f8 SHA-256: d066fb0be3fbe5e7023c7c960265c40d69737f3e6dab96448833b6db23301dcc |
| RHEL Optional Productivity Applications EUS (v. 5.6.z server) | |
| SRPMS: | |
| thunderbird-2.0.0.24-14.el5_6.src.rpm File outdated by: RHSA-2011:0887 |
MD5: 70495cbf86434e160dc2df9d37c128b5 SHA-256: 4f616834ced89cfc1fed6dbb0c73e53358123683e72e5329e97c48a709ae4815 |
| IA-32: | |
| thunderbird-2.0.0.24-14.el5_6.i386.rpm File outdated by: RHSA-2011:0887 |
MD5: c5881aaff57f4eb664c093f5b3734691 SHA-256: a3838a0c61c688f8c285f002e05a7359ee103c21048d76961ad773ef36600509 |
| x86_64: | |
| thunderbird-2.0.0.24-14.el5_6.x86_64.rpm File outdated by: RHSA-2011:0887 |
MD5: b093a33b282785055285430a02c7a0f8 SHA-256: d066fb0be3fbe5e7023c7c960265c40d69737f3e6dab96448833b6db23301dcc |
| Red Hat Desktop (v. 4) | |
| SRPMS: | |
| thunderbird-1.5.0.12-35.el4.src.rpm File outdated by: RHSA-2012:0085 |
MD5: 9ead4bfbce6fee011bed0effd8d29a95 SHA-256: 049d9fde532aac707ab3eaa619981503d9722323aec3ffa758abe01c135651cd |
| IA-32: | |
| thunderbird-1.5.0.12-35.el4.i386.rpm File outdated by: RHSA-2012:0085 |
MD5: df3c6a8bc1c888afcb536578bf76dab3 SHA-256: 1d439a654706c4fd797706463398123eec596e775fc5d29c13c8484dcf21a70a |
| x86_64: | |
| thunderbird-1.5.0.12-35.el4.x86_64.rpm File outdated by: RHSA-2012:0085 |
MD5: f3879836a6c54be2b74346bac7ddf927 SHA-256: c195b962dfb55a7bbbe1282f64e9fa5f6976aa6c6556d295b4e6865975bf6ce9 |
| Red Hat Enterprise Linux AS (v. 4) | |
| SRPMS: | |
| thunderbird-1.5.0.12-35.el4.src.rpm File outdated by: RHSA-2012:0085 |
MD5: 9ead4bfbce6fee011bed0effd8d29a95 SHA-256: 049d9fde532aac707ab3eaa619981503d9722323aec3ffa758abe01c135651cd |
| IA-32: | |
| thunderbird-1.5.0.12-35.el4.i386.rpm File outdated by: RHSA-2012:0085 |
MD5: df3c6a8bc1c888afcb536578bf76dab3 SHA-256: 1d439a654706c4fd797706463398123eec596e775fc5d29c13c8484dcf21a70a |
| IA-64: | |
| thunderbird-1.5.0.12-35.el4.ia64.rpm File outdated by: RHSA-2012:0085 |
MD5: 8c7a8e8d105cfa16c8051b0770b486fe SHA-256: 93a421c5aef60599fd4ca9b7f8f27e35b469c0150b1bd1b6f0e08bbc2560a42a |
| PPC: | |
| thunderbird-1.5.0.12-35.el4.ppc.rpm File outdated by: RHSA-2012:0085 |
MD5: 2c750e240a6e765a55c798878b788155 SHA-256: 9dba41252e076cdd1a90fee87e6ec1ed16d97559ecb1bb2e85ec74226879d3d0 |
| s390: | |
| thunderbird-1.5.0.12-35.el4.s390.rpm File outdated by: RHSA-2012:0085 |
MD5: 74c3a404c7ddde4062a01eea6198c044 SHA-256: 922c1e5b49a8dc1017000898885c778fc405533fd657d80cb0b29f8175fd1d4c |
| s390x: | |
| thunderbird-1.5.0.12-35.el4.s390x.rpm File outdated by: RHSA-2012:0085 |
MD5: c5311512bdf79c94d42f734726153322 SHA-256: 339baaf424d29490a34dc1ba8949f494d8a93821d66e2f624aae78b683f51ecf |
| x86_64: | |
| thunderbird-1.5.0.12-35.el4.x86_64.rpm File outdated by: RHSA-2012:0085 |
MD5: f3879836a6c54be2b74346bac7ddf927 SHA-256: c195b962dfb55a7bbbe1282f64e9fa5f6976aa6c6556d295b4e6865975bf6ce9 |
| Red Hat Enterprise Linux AS (v. 4.8.z) | |
| SRPMS: | |
| thunderbird-1.5.0.12-35.el4.src.rpm File outdated by: RHSA-2012:0085 |
MD5: 9ead4bfbce6fee011bed0effd8d29a95 SHA-256: 049d9fde532aac707ab3eaa619981503d9722323aec3ffa758abe01c135651cd |
| IA-32: | |
| thunderbird-1.5.0.12-35.el4.i386.rpm File outdated by: RHSA-2011:0887 |
MD5: df3c6a8bc1c888afcb536578bf76dab3 SHA-256: 1d439a654706c4fd797706463398123eec596e775fc5d29c13c8484dcf21a70a |
| IA-64: | |
| thunderbird-1.5.0.12-35.el4.ia64.rpm File outdated by: RHSA-2011:0887 |
MD5: 8c7a8e8d105cfa16c8051b0770b486fe SHA-256: 93a421c5aef60599fd4ca9b7f8f27e35b469c0150b1bd1b6f0e08bbc2560a42a |
| PPC: | |
| thunderbird-1.5.0.12-35.el4.ppc.rpm File outdated by: RHSA-2011:0887 |
MD5: 2c750e240a6e765a55c798878b788155 SHA-256: 9dba41252e076cdd1a90fee87e6ec1ed16d97559ecb1bb2e85ec74226879d3d0 |
| s390: | |
| thunderbird-1.5.0.12-35.el4.s390.rpm File outdated by: RHSA-2011:0887 |
MD5: 74c3a404c7ddde4062a01eea6198c044 SHA-256: 922c1e5b49a8dc1017000898885c778fc405533fd657d80cb0b29f8175fd1d4c |
| s390x: | |
| thunderbird-1.5.0.12-35.el4.s390x.rpm File outdated by: RHSA-2011:0887 |
MD5: c5311512bdf79c94d42f734726153322 SHA-256: 339baaf424d29490a34dc1ba8949f494d8a93821d66e2f624aae78b683f51ecf |
| x86_64: | |
| thunderbird-1.5.0.12-35.el4.x86_64.rpm File outdated by: RHSA-2011:0887 |
MD5: f3879836a6c54be2b74346bac7ddf927 SHA-256: c195b962dfb55a7bbbe1282f64e9fa5f6976aa6c6556d295b4e6865975bf6ce9 |
| Red Hat Enterprise Linux Desktop (v. 5 client) | |
| SRPMS: | |
| thunderbird-2.0.0.24-14.el5_6.src.rpm File outdated by: RHSA-2011:0887 |
MD5: 70495cbf86434e160dc2df9d37c128b5 SHA-256: 4f616834ced89cfc1fed6dbb0c73e53358123683e72e5329e97c48a709ae4815 |
| IA-32: | |
| thunderbird-2.0.0.24-14.el5_6.i386.rpm File outdated by: RHSA-2013:0821 |
MD5: c5881aaff57f4eb664c093f5b3734691 SHA-256: a3838a0c61c688f8c285f002e05a7359ee103c21048d76961ad773ef36600509 |
| x86_64: | |
| thunderbird-2.0.0.24-14.el5_6.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: b093a33b282785055285430a02c7a0f8 SHA-256: d066fb0be3fbe5e7023c7c960265c40d69737f3e6dab96448833b6db23301dcc |
| Red Hat Enterprise Linux ES (v. 4) | |
| SRPMS: | |
| thunderbird-1.5.0.12-35.el4.src.rpm File outdated by: RHSA-2012:0085 |
MD5: 9ead4bfbce6fee011bed0effd8d29a95 SHA-256: 049d9fde532aac707ab3eaa619981503d9722323aec3ffa758abe01c135651cd |
| IA-32: | |
| thunderbird-1.5.0.12-35.el4.i386.rpm File outdated by: RHSA-2012:0085 |
MD5: df3c6a8bc1c888afcb536578bf76dab3 SHA-256: 1d439a654706c4fd797706463398123eec596e775fc5d29c13c8484dcf21a70a |
| IA-64: | |
| thunderbird-1.5.0.12-35.el4.ia64.rpm File outdated by: RHSA-2012:0085 |
MD5: 8c7a8e8d105cfa16c8051b0770b486fe SHA-256: 93a421c5aef60599fd4ca9b7f8f27e35b469c0150b1bd1b6f0e08bbc2560a42a |
| x86_64: | |
| thunderbird-1.5.0.12-35.el4.x86_64.rpm File outdated by: RHSA-2012:0085 |
MD5: f3879836a6c54be2b74346bac7ddf927 SHA-256: c195b962dfb55a7bbbe1282f64e9fa5f6976aa6c6556d295b4e6865975bf6ce9 |
| Red Hat Enterprise Linux ES (v. 4.8.z) | |
| SRPMS: | |
| thunderbird-1.5.0.12-35.el4.src.rpm File outdated by: RHSA-2012:0085 |
MD5: 9ead4bfbce6fee011bed0effd8d29a95 SHA-256: 049d9fde532aac707ab3eaa619981503d9722323aec3ffa758abe01c135651cd |
| IA-32: | |
| thunderbird-1.5.0.12-35.el4.i386.rpm File outdated by: RHSA-2011:0887 |
MD5: df3c6a8bc1c888afcb536578bf76dab3 SHA-256: 1d439a654706c4fd797706463398123eec596e775fc5d29c13c8484dcf21a70a |
| IA-64: | |
| thunderbird-1.5.0.12-35.el4.ia64.rpm File outdated by: RHSA-2011:0887 |
MD5: 8c7a8e8d105cfa16c8051b0770b486fe SHA-256: 93a421c5aef60599fd4ca9b7f8f27e35b469c0150b1bd1b6f0e08bbc2560a42a |
| x86_64: | |
| thunderbird-1.5.0.12-35.el4.x86_64.rpm File outdated by: RHSA-2011:0887 |
MD5: f3879836a6c54be2b74346bac7ddf927 SHA-256: c195b962dfb55a7bbbe1282f64e9fa5f6976aa6c6556d295b4e6865975bf6ce9 |
| Red Hat Enterprise Linux WS (v. 4) | |
| SRPMS: | |
| thunderbird-1.5.0.12-35.el4.src.rpm File outdated by: RHSA-2012:0085 |
MD5: 9ead4bfbce6fee011bed0effd8d29a95 SHA-256: 049d9fde532aac707ab3eaa619981503d9722323aec3ffa758abe01c135651cd |
| IA-32: | |
| thunderbird-1.5.0.12-35.el4.i386.rpm File outdated by: RHSA-2012:0085 |
MD5: df3c6a8bc1c888afcb536578bf76dab3 SHA-256: 1d439a654706c4fd797706463398123eec596e775fc5d29c13c8484dcf21a70a |
| IA-64: | |
| thunderbird-1.5.0.12-35.el4.ia64.rpm File outdated by: RHSA-2012:0085 |
MD5: 8c7a8e8d105cfa16c8051b0770b486fe SHA-256: 93a421c5aef60599fd4ca9b7f8f27e35b469c0150b1bd1b6f0e08bbc2560a42a |
| x86_64: | |
| thunderbird-1.5.0.12-35.el4.x86_64.rpm File outdated by: RHSA-2012:0085 |
MD5: f3879836a6c54be2b74346bac7ddf927 SHA-256: c195b962dfb55a7bbbe1282f64e9fa5f6976aa6c6556d295b4e6865975bf6ce9 |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
675082 - CVE-2011-0053 Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
675087 - CVE-2011-0051 Mozilla recursive eval call causes confirm dialog to evaluate to true (MFSA 2011-02)
References
https://www.redhat.com/security/data/cve/CVE-2011-0051.html
https://www.redhat.com/security/data/cve/CVE-2011-0053.html
https://access.redhat.com/security/updates/classification/#moderate
https://www.redhat.com/security/data/cve/CVE-2011-0053.html
https://access.redhat.com/security/updates/classification/#moderate
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
