Nom du paquet
mozilla-thunderbird
Date
2006-03-02
Advisory ID
MDKSA-2006:052
Affected versions
2006.0 i586 , 2006.0 x86_64

Problem description

The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier
allows user-complicit attackers to bypass javascript security settings
and obtain sensitive information or cause a crash via an e-mail
containing a javascript URI in the SRC attribute of an IFRAME tag,
which is executed when the user edits the e-mail.

Updated packages have been patched to address this issue.

Updated packages

2006.0 i586

 646abf3bc3c25a904498d9541dea7a58  2006.0/RPMS/mozilla-thunderbird-1.0.6-7.5.20060mdk.i586.rpm
 2c68bd202ca52fe8cf1b029f0230c594  2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.5.20060mdk.i586.rpm
 e0d0c47265afb383f57e6f4ac7fa06d1  2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.5.20060mdk.i586.rpm
 0be8e091708def590ae501da074072d9  2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.5.20060mdk.src.rpm

2006.0 x86_64

 d247e98e223e3fcb1a8580035d6bb064  x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.5.20060mdk.x86_64.rpm
 6fef56fe569049c4f543d3cd69c83615  x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.5.20060mdk.x86_64.rpm
 2dcbb24281171d71e78116d5f336b995  x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.5.20060mdk.x86_64.rpm
 0be8e091708def590ae501da074072d9  x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.5.20060mdk.src.rpm

References