MDKSA-2006:052
- Package name
- mozilla-thunderbird
- Date
- 2006-03-02
- Advisory ID
- MDKSA-2006:052
- Affected versions
- 2006.0 i586 , 2006.0 x86_64
Problem description
The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier
allows user-complicit attackers to bypass javascript security settings
and obtain sensitive information or cause a crash via an e-mail
containing a javascript URI in the SRC attribute of an IFRAME tag,
which is executed when the user edits the e-mail.
Updated packages have been patched to address this issue.
Updated packages
2006.0 i586
646abf3bc3c25a904498d9541dea7a58 2006.0/RPMS/mozilla-thunderbird-1.0.6-7.5.20060mdk.i586.rpm 2c68bd202ca52fe8cf1b029f0230c594 2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.5.20060mdk.i586.rpm e0d0c47265afb383f57e6f4ac7fa06d1 2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.5.20060mdk.i586.rpm 0be8e091708def590ae501da074072d9 2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.5.20060mdk.src.rpm
2006.0 x86_64
d247e98e223e3fcb1a8580035d6bb064 x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.5.20060mdk.x86_64.rpm 6fef56fe569049c4f543d3cd69c83615 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.5.20060mdk.x86_64.rpm 2dcbb24281171d71e78116d5f336b995 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.5.20060mdk.x86_64.rpm 0be8e091708def590ae501da074072d9 x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.5.20060mdk.src.rpm