ID CVE-2009-2210
Summary Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.
References
Vulnerable Configurations
  • Mozilla SeaMonkey 1.0
    cpe:2.3:a:mozilla:seamonkey:1.0
  • cpe:2.3:a:mozilla:seamonkey:1.0:-:dev
    cpe:2.3:a:mozilla:seamonkey:1.0:-:dev
  • Mozilla SeaMonkey 1.0 alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  • Mozilla SeaMonkey 1.0 beta
    cpe:2.3:a:mozilla:seamonkey:1.0:beta
  • Mozilla SeaMonkey 1.0.1
    cpe:2.3:a:mozilla:seamonkey:1.0.1
  • Mozilla SeaMonkey 1.0.2
    cpe:2.3:a:mozilla:seamonkey:1.0.2
  • Mozilla SeaMonkey 1.0.3
    cpe:2.3:a:mozilla:seamonkey:1.0.3
  • Mozilla SeaMonkey 1.0.4
    cpe:2.3:a:mozilla:seamonkey:1.0.4
  • Mozilla SeaMonkey 1.0.5
    cpe:2.3:a:mozilla:seamonkey:1.0.5
  • Mozilla SeaMonkey 1.0.6
    cpe:2.3:a:mozilla:seamonkey:1.0.6
  • Mozilla SeaMonkey 1.0.7
    cpe:2.3:a:mozilla:seamonkey:1.0.7
  • Mozilla SeaMonkey 1.0.8
    cpe:2.3:a:mozilla:seamonkey:1.0.8
  • Mozilla SeaMonkey 1.0.9
    cpe:2.3:a:mozilla:seamonkey:1.0.9
  • cpe:2.3:a:mozilla:seamonkey:1.0.99
    cpe:2.3:a:mozilla:seamonkey:1.0.99
  • Mozilla SeaMonkey 1.1
    cpe:2.3:a:mozilla:seamonkey:1.1
  • Mozilla SeaMonkey 1.1 alpha
    cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  • Mozilla SeaMonkey 1.1 beta
    cpe:2.3:a:mozilla:seamonkey:1.1:beta
  • Mozilla Seamonkey 1.1.1
    cpe:2.3:a:mozilla:seamonkey:1.1.1
  • Mozilla Seamonkey 1.1.2
    cpe:2.3:a:mozilla:seamonkey:1.1.2
  • Mozilla Seamonkey 1.1.3
    cpe:2.3:a:mozilla:seamonkey:1.1.3
  • Mozilla Seamonkey 1.1.4
    cpe:2.3:a:mozilla:seamonkey:1.1.4
  • Mozilla Seamonkey 1.1.5
    cpe:2.3:a:mozilla:seamonkey:1.1.5
  • cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10
  • Mozilla Seamonkey 1.1.6
    cpe:2.3:a:mozilla:seamonkey:1.1.6
  • Mozilla Seamonkey 1.1.7
    cpe:2.3:a:mozilla:seamonkey:1.1.7
  • Mozilla SeaMonkey 1.1.8
    cpe:2.3:a:mozilla:seamonkey:1.1.8
  • Mozilla SeaMonkey 1.1.9
    cpe:2.3:a:mozilla:seamonkey:1.1.9
  • Mozilla SeaMonkey 1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.10
  • Mozilla SeaMonkey 1.1.11
    cpe:2.3:a:mozilla:seamonkey:1.1.11
  • Mozilla SeaMonkey 1.1.12
    cpe:2.3:a:mozilla:seamonkey:1.1.12
  • Mozilla SeaMonkey 1.1.13
    cpe:2.3:a:mozilla:seamonkey:1.1.13
  • Mozilla SeaMonkey 1.1.14
    cpe:2.3:a:mozilla:seamonkey:1.1.14
  • Mozilla SeaMonkey 1.1.15
    cpe:2.3:a:mozilla:seamonkey:1.1.15
  • Mozilla SeaMonkey 1.1.16
    cpe:2.3:a:mozilla:seamonkey:1.1.16
  • Mozilla SeaMonkey 1.5.0.8
    cpe:2.3:a:mozilla:seamonkey:1.5.0.8
  • Mozilla SeaMonkey 1.5.0.9
    cpe:2.3:a:mozilla:seamonkey:1.5.0.9
  • Mozilla SeaMonkey 1.5.0.10
    cpe:2.3:a:mozilla:seamonkey:1.5.0.10
  • Mozilla Thunderbird 0.1
    cpe:2.3:a:mozilla:thunderbird:0.1
  • Mozilla Thunderbird 0.2
    cpe:2.3:a:mozilla:thunderbird:0.2
  • Mozilla Thunderbird 0.3
    cpe:2.3:a:mozilla:thunderbird:0.3
  • Mozilla Thunderbird 0.4
    cpe:2.3:a:mozilla:thunderbird:0.4
  • Mozilla Thunderbird 0.5
    cpe:2.3:a:mozilla:thunderbird:0.5
  • Mozilla Thunderbird 0.6
    cpe:2.3:a:mozilla:thunderbird:0.6
  • Mozilla Thunderbird 0.7
    cpe:2.3:a:mozilla:thunderbird:0.7
  • Mozilla Thunderbird 0.7.1
    cpe:2.3:a:mozilla:thunderbird:0.7.1
  • Mozilla Thunderbird 0.7.2
    cpe:2.3:a:mozilla:thunderbird:0.7.2
  • Mozilla Thunderbird 0.7.3
    cpe:2.3:a:mozilla:thunderbird:0.7.3
  • Mozilla Thunderbird 0.8
    cpe:2.3:a:mozilla:thunderbird:0.8
  • Mozilla Thunderbird 0.9
    cpe:2.3:a:mozilla:thunderbird:0.9
  • Mozilla Thunderbird 1.0
    cpe:2.3:a:mozilla:thunderbird:1.0
  • Mozilla Thunderbird 1.0.1
    cpe:2.3:a:mozilla:thunderbird:1.0.1
  • Mozilla Thunderbird 1.0.2
    cpe:2.3:a:mozilla:thunderbird:1.0.2
  • Mozilla Thunderbird 1.0.3
    cpe:2.3:a:mozilla:thunderbird:1.0.3
  • Mozilla Thunderbird 1.0.4
    cpe:2.3:a:mozilla:thunderbird:1.0.4
  • Mozilla Thunderbird 1.0.5
    cpe:2.3:a:mozilla:thunderbird:1.0.5
  • Mozilla Thunderbird 1.0.5 Beta
    cpe:2.3:a:mozilla:thunderbird:1.0.5:beta
  • Mozilla Thunderbird 1.0.6
    cpe:2.3:a:mozilla:thunderbird:1.0.6
  • Mozilla Thunderbird 1.0.7
    cpe:2.3:a:mozilla:thunderbird:1.0.7
  • Mozilla Thunderbird 1.0.8
    cpe:2.3:a:mozilla:thunderbird:1.0.8
  • Mozilla Thunderbird 1.5
    cpe:2.3:a:mozilla:thunderbird:1.5
  • Mozilla Thunderbird 1.5 Beta 2
    cpe:2.3:a:mozilla:thunderbird:1.5:beta2
  • Mozilla Thunderbird 1.5.0.1
    cpe:2.3:a:mozilla:thunderbird:1.5.0.1
  • Mozilla Thunderbird 1.5.0.2
    cpe:2.3:a:mozilla:thunderbird:1.5.0.2
  • Mozilla Thunderbird 1.5.0.3
    cpe:2.3:a:mozilla:thunderbird:1.5.0.3
  • Mozilla Thunderbird 1.5.0.4
    cpe:2.3:a:mozilla:thunderbird:1.5.0.4
  • Mozilla Thunderbird 1.5.0.5
    cpe:2.3:a:mozilla:thunderbird:1.5.0.5
  • Mozilla Thunderbird 1.5.0.6
    cpe:2.3:a:mozilla:thunderbird:1.5.0.6
  • Mozilla Thunderbird 1.5.0.7
    cpe:2.3:a:mozilla:thunderbird:1.5.0.7
  • Mozilla Thunderbird 1.5.0.8
    cpe:2.3:a:mozilla:thunderbird:1.5.0.8
  • Mozilla Thunderbird 1.5.0.9
    cpe:2.3:a:mozilla:thunderbird:1.5.0.9
  • Mozilla Thunderbird 1.5.0.10
    cpe:2.3:a:mozilla:thunderbird:1.5.0.10
  • Mozilla Thunderbird 1.5.0.11
    cpe:2.3:a:mozilla:thunderbird:1.5.0.11
  • Mozilla Thunderbird 1.5.0.12
    cpe:2.3:a:mozilla:thunderbird:1.5.0.12
  • Mozilla Thunderbird 1.5.0.13
    cpe:2.3:a:mozilla:thunderbird:1.5.0.13
  • Mozilla Thunderbird 1.5.0.14
    cpe:2.3:a:mozilla:thunderbird:1.5.0.14
  • Mozilla Thunderbird 1.5.1
    cpe:2.3:a:mozilla:thunderbird:1.5.1
  • Mozilla Thunderbird 1.5.2
    cpe:2.3:a:mozilla:thunderbird:1.5.2
  • Mozilla Mozilla Mail 1.7.1
    cpe:2.3:a:mozilla:thunderbird:1.7.1
  • Mozilla Mozilla Mail 1.7.3
    cpe:2.3:a:mozilla:thunderbird:1.7.3
  • Mozilla Thunderbird 2.0.0.0
    cpe:2.3:a:mozilla:thunderbird:2.0.0.0
  • Mozilla Thunderbird 2.0.0.1
    cpe:2.3:a:mozilla:thunderbird:2.0.0.1
  • Mozilla Thunderbird 2.0.0.2
    cpe:2.3:a:mozilla:thunderbird:2.0.0.2
  • Mozilla Thunderbird 2.0.0.3
    cpe:2.3:a:mozilla:thunderbird:2.0.0.3
  • Mozilla Thunderbird 2.0.0.4
    cpe:2.3:a:mozilla:thunderbird:2.0.0.4
  • Mozilla Thunderbird 2.0.0.5
    cpe:2.3:a:mozilla:thunderbird:2.0.0.5
  • Mozilla Thunderbird 2.0.0.6
    cpe:2.3:a:mozilla:thunderbird:2.0.0.6
  • Mozilla Thunderbird 2.0.0.7
    cpe:2.3:a:mozilla:thunderbird:2.0.0.7
  • Mozilla Thunderbird 2.0.0.8
    cpe:2.3:a:mozilla:thunderbird:2.0.0.8
  • Mozilla Thunderbird 2.0.0.9
    cpe:2.3:a:mozilla:thunderbird:2.0.0.9
  • Mozilla Thunderbird 2.0.0.11
    cpe:2.3:a:mozilla:thunderbird:2.0.0.11
  • Mozilla Thunderbird 2.0.0.12
    cpe:2.3:a:mozilla:thunderbird:2.0.0.12
  • Mozilla Thunderbird 2.0.0.13
    cpe:2.3:a:mozilla:thunderbird:2.0.0.13
  • Mozilla Thunderbird 2.0.0.14
    cpe:2.3:a:mozilla:thunderbird:2.0.0.14
  • Mozilla Thunderbird 2.0.0.15
    cpe:2.3:a:mozilla:thunderbird:2.0.0.15
  • Mozilla Thunderbird 2.0.0.16
    cpe:2.3:a:mozilla:thunderbird:2.0.0.16
  • Mozilla Thunderbird 2.0.0.17
    cpe:2.3:a:mozilla:thunderbird:2.0.0.17
  • Mozilla Thunderbird 2.0.0.18
    cpe:2.3:a:mozilla:thunderbird:2.0.0.18
  • Mozilla Thunderbird 2.0.0.19
    cpe:2.3:a:mozilla:thunderbird:2.0.0.19
  • Mozilla Thunderbird 2.0.0.20
    cpe:2.3:a:mozilla:thunderbird:2.0.0.20
  • Mozilla Thunderbird 2.0.0.21
    cpe:2.3:a:mozilla:thunderbird:2.0.0.21
  • cpe:2.3:a:mozilla:thunderbird:2.0_.4
    cpe:2.3:a:mozilla:thunderbird:2.0_.4
  • cpe:2.3:a:mozilla:thunderbird:2.0_.5
    cpe:2.3:a:mozilla:thunderbird:2.0_.5
  • cpe:2.3:a:mozilla:thunderbird:2.0_.6
    cpe:2.3:a:mozilla:thunderbird:2.0_.6
  • cpe:2.3:a:mozilla:thunderbird:2.0_.9
    cpe:2.3:a:mozilla:thunderbird:2.0_.9
  • cpe:2.3:a:mozilla:thunderbird:2.0_.12
    cpe:2.3:a:mozilla:thunderbird:2.0_.12
  • cpe:2.3:a:mozilla:thunderbird:2.0_.13
    cpe:2.3:a:mozilla:thunderbird:2.0_.13
  • cpe:2.3:a:mozilla:thunderbird:2.0_.14
    cpe:2.3:a:mozilla:thunderbird:2.0_.14
  • cpe:2.3:a:mozilla:thunderbird:2.0_8
    cpe:2.3:a:mozilla:thunderbird:2.0_8
CVSS
Base: 9.3 (as of 26-06-2009 - 08:37)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1134.NASL
    description Updated SeaMonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way that SeaMonkey parsed malformed HTML mail messages. If a user opened a specially crafted HTML mail message, it could cause SeaMonkey to crash or, possibly, to execute arbitrary code as the user running SeaMonkey. (CVE-2009-2210) All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 39584
    published 2009-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39584
    title RHEL 3 / 4 : seamonkey (RHSA-2009:1134)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090630_SEAMONKEY_ON_SL3_X.NASL
    description A flaw was found in the way that SeaMonkey parsed malformed HTML mail messages. If a user opened a specially crafted HTML mail message, it could cause SeaMonkey to crash or, possibly, to execute arbitrary code as the user running SeaMonkey. (CVE-2009-2210) After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60610
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60610
    title Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1134.NASL
    description From Red Hat Security Advisory 2009:1134 : Updated SeaMonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way that SeaMonkey parsed malformed HTML mail messages. If a user opened a specially crafted HTML mail message, it could cause SeaMonkey to crash or, possibly, to execute arbitrary code as the user running SeaMonkey. (CVE-2009-2210) All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 67885
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67885
    title Oracle Linux 3 / 4 : seamonkey (ELSA-2009-1134)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1134.NASL
    description Updated SeaMonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way that SeaMonkey parsed malformed HTML mail messages. If a user opened a specially crafted HTML mail message, it could cause SeaMonkey to crash or, possibly, to execute arbitrary code as the user running SeaMonkey. (CVE-2009-2210) All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 39585
    published 2009-07-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39585
    title CentOS 3 : seamonkey (CESA-2009:1134)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-7567.NASL
    description Update to upstream version 1.1.17, fixing multiple security flaws: http://www.mozilla.org/security/known- vulnerabilities/seamonkey11.html#seamonkey1.1.17 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 39845
    published 2009-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39845
    title Fedora 10 : seamonkey-1.1.17-1.fc10 (2009-7567)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_SEAMONKEY-091007.NASL
    description seamonkey was updated to version 1.1.18, fixing various security issues : MFSA 2009-43 / CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw. MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability Research team for coordinating a multiple-vendor response to this problem. The update also contains the fixes from the skipped 1.1.17 security update: MFSA 2009-17/CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme MFSA 2009-21/CVE-2009-1311:POST data sent to wrong site when saving web page with embedded frame MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11) MFSA 2009-26/CVE-2009-1835: Arbitrary domain cookie access by local file: resources MFSA 2009-27/CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests MFSA 2009-29/CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null MFSA 2009-32/CVE-2009-1841: JavaScript chrome privilege escalation MFSA 2009-33/CVE-2009-2210: Crash viewing multipart/alternative message with text/enhanced part
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42202
    published 2009-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42202
    title openSUSE Security Update : seamonkey (seamonkey-1364)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_SEAMONKEY-091007.NASL
    description seamonkey was updated to version 1.1.18, fixing various security issues : MFSA 2009-43 / CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw. MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability Research team for coordinating a multiple-vendor response to this problem. The update also contains the fixes from the skipped 1.1.17 security update: MFSA 2009-17/CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme MFSA 2009-21/CVE-2009-1311:POST data sent to wrong site when saving web page with embedded frame MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11) MFSA 2009-26/CVE-2009-1835: Arbitrary domain cookie access by local file: resources MFSA 2009-27/CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests MFSA 2009-29/CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null MFSA 2009-32/CVE-2009-1841: JavaScript chrome privilege escalation MFSA 2009-33/CVE-2009-2210: Crash viewing multipart/alternative message with text/enhanced part
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42206
    published 2009-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42206
    title openSUSE Security Update : seamonkey (seamonkey-1364)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1125.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833, CVE-2009-1838) Several flaws were found in the way malformed HTML mail content was processed. An HTML mail message containing malicious content could execute arbitrary JavaScript in the context of the mail message, possibly presenting misleading data to the user, or stealing sensitive information such as login credentials. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1309) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 39528
    published 2009-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39528
    title RHEL 4 : thunderbird (RHSA-2009:1125)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1126.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833, CVE-2009-1838) Several flaws were found in the way malformed HTML mail content was processed. An HTML mail message containing malicious content could execute arbitrary JavaScript in the context of the mail message, possibly presenting misleading data to the user, or stealing sensitive information such as login credentials. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309) A flaw was found in the way Thunderbird handled error responses returned from proxy servers. If an attacker is able to conduct a man-in-the-middle attack against a Thunderbird instance that is using a proxy server, they may be able to steal sensitive information from the site Thunderbird is displaying. (CVE-2009-1836) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 43762
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43762
    title CentOS 5 : thunderbird (CESA-2009:1126)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2009-178-01.NASL
    description New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 39560
    published 2009-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39560
    title Slackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : mozilla-thunderbird (SSA:2009-178-01)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-141.NASL
    description A number of security vulnerabilities have been discovered for Mozilla Thunderbird version 2.0.0.21 (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-2210, CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1838, CVE-2009-1836, CVE-2009-1840, CVE-2009-1841). This update provides the latest Thunderbird to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 39581
    published 2009-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39581
    title Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2009:141)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-7614.NASL
    description Update to upstream version 1.1.17, fixing multiple security flaws: http://www.mozilla.org/security/known- vulnerabilities/seamonkey11.html#seamonkey1.1.17 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 39846
    published 2009-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39846
    title Fedora 11 : seamonkey-1.1.17-1.fc11 (2009-7614)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2009-176-01.NASL
    description New seamonkey packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 39522
    published 2009-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39522
    title Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : seamonkey (SSA:2009-176-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12519.NASL
    description This update brings the Mozilla SeaMonkey Suite packages to the current stable release 1.1.17. Due to the major version update some incompatibilities might appear. It fixes all currently published security issues, including but not limited to : - Same-origin violations when Adobe Flash loaded via view-source: scheme. (MFSA 2009-17 / CVE-2009-1307) - POST data sent to wrong site when saving web page with embedded frame. (MFSA 2009-21 / CVE-2009-1311) - Crashes with evidence of memory corruption (rv:1.9.0.11). (MFSA 2009-24 / CVE-2009-1392/CVE-2009-1832 / CVE-2009-1833) - Arbitrary domain cookie access by local file: resources. (MFSA 2009-26 / CVE-2009-1835) - SSL tampering via non-200 responses to proxy CONNECT requests. (MFSA 2009-27 / CVE-2009-1836) - Arbitrary code execution using event listeners attached to an element whose owner document is null. (MFSA 2009-29 / CVE-2009-1838) - JavaScript chrome privilege escalation. (MFSA 2009-32 / CVE-2009-1841) - Crash viewing multipart/alternative message with text/enhanced part. (MFSA 2009-33 / CVE-2009-2210)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 42048
    published 2009-10-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42048
    title SuSE9 Security Update : epiphany (YOU Patch Number 12519)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201301-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 63402
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63402
    title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1126.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833, CVE-2009-1838) Several flaws were found in the way malformed HTML mail content was processed. An HTML mail message containing malicious content could execute arbitrary JavaScript in the context of the mail message, possibly presenting misleading data to the user, or stealing sensitive information such as login credentials. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309) A flaw was found in the way Thunderbird handled error responses returned from proxy servers. If an attacker is able to conduct a man-in-the-middle attack against a Thunderbird instance that is using a proxy server, they may be able to steal sensitive information from the site Thunderbird is displaying. (CVE-2009-1836) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 63881
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63881
    title RHEL 5 : thunderbird (RHSA-2009:1126)
  • NASL family Windows
    NASL id SEAMONKEY_1117.NASL
    description The installed version of SeaMonkey is earlier than 1.1.17. Such versions are potentially affected by the following security issues : - When an Adobe Flash file is loaded via the 'view-source:' scheme, the Flash plugin misinterprets the origin of the content as localhost. An attacker can leverage this to launch cross-site request forger attacks. It is also possible to exploit this to place cookie-like objects on victim's computers. (MFSA 2009-17) - An information disclosure vulnerability exists when saving the inner frame of a web page as a file when the outer page has POST data associated with it. (MFSA 2009-21) - Multiple memory corruption vulnerabilities could potentially be exploited to execute arbitrary code. (MFSA 2009-24) - It may be possible for local resources loaded via 'file:' protocol to access any domain's cookies saved on a user's system. (MFSA 2009-26) - It may be possible to tamper with SSL data via non-200 responses to proxy CONNECT requests. (MFSA 2009-27) - If the owner document of an element becomes null after garbage collection, then it may be possible to execute the event listeners within the wrong JavaScript context. An attacker can potentially exploit this vulnerability to execute arbitrary JavaScript with chrome privileges. (MFSA 2009-29) - It may be possible for scripts from page content to run with elevated privileges. (MFSA 2009-32) - It may be possible to crash SeaMonkey while viewing 'multipart/alternative' mail message with a 'text/enhanced' part. (MFSA 2009-33)
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 39494
    published 2009-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39494
    title SeaMonkey < 1.1.17 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_20022.NASL
    description The installed version of Thunderbird is earlier than 2.0.0.22. Such versions are potentially affected by the following security issues : - Multiple memory corruption vulnerabilities could potentially be exploited to execute arbitrary code provided JavaScript is enabled in mail. (MFSA 2009-14) - When an Adobe Flash file is loaded via the 'view-source:' scheme, the Flash plugin misinterprets the origin of the content as localhost. An attacker can leverage this to launch cross-site request forgery attacks. It is also possible to exploit this to place cookie-like objects on victim's computers. (MFSA 2009-17) - Multiple memory corruption vulnerabilities could potentially be exploited to execute arbitrary code. (MFSA 2009-24) - It may be possible to tamper with SSL data via non-200 responses to proxy CONNECT requests. (MFSA 2009-27) - If the owner document of an element becomes null after garbage collection, then it may be possible to execute the event listeners within the wrong JavaScript context. An attacker can potentially exploit this vulnerability to execute arbitrary JavaScript with chrome privileges, provided JavaScript is enabled in mail. (MFSA 2009-29) - It may be possible for scripts from page content to run with elevated privileges. Thunderbird installs are not affected by default, however if an add-on is installed that implements functionality similar to sidebar or BrowserFeedWriter, and also enables JavaScript then the install could be vulnerable. (MFSA 2009-32) - It may be possible to crash Thunderbird while viewing a 'multipart/alternative' mail message with a 'text/enhanced' part. (MFSA 2009-33)
    last seen 2019-02-21
    modified 2018-08-22
    plugin id 39493
    published 2009-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39493
    title Mozilla Thunderbird < 2.0.0.22 Multiple Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1125.NASL
    description From Red Hat Security Advisory 2009:1125 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833, CVE-2009-1838) Several flaws were found in the way malformed HTML mail content was processed. An HTML mail message containing malicious content could execute arbitrary JavaScript in the context of the mail message, possibly presenting misleading data to the user, or stealing sensitive information such as login credentials. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1309) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 67881
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67881
    title Oracle Linux 4 : thunderbird (ELSA-2009-1125)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SEAMONKEY-6538.NASL
    description seamonkey was updated to version 1.1.18, fixing various security issues : MFSA 2009-43 / CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw. MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability Research team for coordinating a multiple-vendor response to this problem. The update also contains the fixes from the skipped 1.1.17 security update: MFSA 2009-17/CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme MFSA 2009-21/CVE-2009-1311:POST data sent to wrong site when saving web page with embedded frame MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11) MFSA 2009-26/CVE-2009-1835: Arbitrary domain cookie access by local file: resources MFSA 2009-27/CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests MFSA 2009-29/CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null MFSA 2009-32/CVE-2009-1841: JavaScript chrome privilege escalation MFSA 2009-33/CVE-2009-2210: Crash viewing multipart/alternative message with text/enhanced part
    last seen 2019-02-21
    modified 2016-12-27
    plugin id 42327
    published 2009-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42327
    title openSUSE 10 Security Update : seamonkey (seamonkey-6538)
oval via4
accepted 2013-04-29T04:23:59.144-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.
family unix
id oval:org.mitre.oval:def:9994
status accepted
submitted 2010-07-09T03:56:16-04:00
title Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.
version 24
redhat via4
advisories
  • bugzilla
    id 503580
    title CVE-2009-1838 Firefox arbitrary code execution flaw
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • comment thunderbird is earlier than 0:1.5.0.12-23.el4
      oval oval:com.redhat.rhsa:tst:20091125002
    • comment thunderbird is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20060735003
    rhsa
    id RHSA-2009:1125
    released 2009-06-25
    severity Moderate
    title RHSA-2009:1125: thunderbird security update (Moderate)
  • bugzilla
    id 503580
    title CVE-2009-1838 Firefox arbitrary code execution flaw
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • comment thunderbird is earlier than 0:2.0.0.22-2.el5_3
      oval oval:com.redhat.rhsa:tst:20091126002
    • comment thunderbird is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20070108003
    rhsa
    id RHSA-2009:1126
    released 2009-06-25
    severity Moderate
    title RHSA-2009:1126: thunderbird security update (Moderate)
  • bugzilla
    id 507812
    title CVE-2009-2210 Thunderbird mail crash
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhsa:tst:20060015001
      • OR
        • AND
          • comment seamonkey is earlier than 0:1.0.9-0.39.el3
            oval oval:com.redhat.rhsa:tst:20091134002
          • comment seamonkey is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734003
        • AND
          • comment seamonkey-chat is earlier than 0:1.0.9-0.39.el3
            oval oval:com.redhat.rhsa:tst:20091134018
          • comment seamonkey-chat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734021
        • AND
          • comment seamonkey-devel is earlier than 0:1.0.9-0.39.el3
            oval oval:com.redhat.rhsa:tst:20091134004
          • comment seamonkey-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734005
        • AND
          • comment seamonkey-dom-inspector is earlier than 0:1.0.9-0.39.el3
            oval oval:com.redhat.rhsa:tst:20091134014
          • comment seamonkey-dom-inspector is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734011
        • AND
          • comment seamonkey-js-debugger is earlier than 0:1.0.9-0.39.el3
            oval oval:com.redhat.rhsa:tst:20091134006
          • comment seamonkey-js-debugger is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734013
        • AND
          • comment seamonkey-mail is earlier than 0:1.0.9-0.39.el3
            oval oval:com.redhat.rhsa:tst:20091134008
          • comment seamonkey-mail is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734019
        • AND
          • comment seamonkey-nspr is earlier than 0:1.0.9-0.39.el3
            oval oval:com.redhat.rhsa:tst:20091134020
          • comment seamonkey-nspr is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734007
        • AND
          • comment seamonkey-nspr-devel is earlier than 0:1.0.9-0.39.el3
            oval oval:com.redhat.rhsa:tst:20091134012
          • comment seamonkey-nspr-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734009
        • AND
          • comment seamonkey-nss is earlier than 0:1.0.9-0.39.el3
            oval oval:com.redhat.rhsa:tst:20091134016
          • comment seamonkey-nss is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734015
        • AND
          • comment seamonkey-nss-devel is earlier than 0:1.0.9-0.39.el3
            oval oval:com.redhat.rhsa:tst:20091134010
          • comment seamonkey-nss-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734017
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment seamonkey is earlier than 0:1.0.9-44.el4_8
            oval oval:com.redhat.rhsa:tst:20091134023
          • comment seamonkey is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734003
        • AND
          • comment seamonkey-chat is earlier than 0:1.0.9-44.el4_8
            oval oval:com.redhat.rhsa:tst:20091134024
          • comment seamonkey-chat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734021
        • AND
          • comment seamonkey-devel is earlier than 0:1.0.9-44.el4_8
            oval oval:com.redhat.rhsa:tst:20091134027
          • comment seamonkey-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734005
        • AND
          • comment seamonkey-dom-inspector is earlier than 0:1.0.9-44.el4_8
            oval oval:com.redhat.rhsa:tst:20091134026
          • comment seamonkey-dom-inspector is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734011
        • AND
          • comment seamonkey-js-debugger is earlier than 0:1.0.9-44.el4_8
            oval oval:com.redhat.rhsa:tst:20091134028
          • comment seamonkey-js-debugger is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734013
        • AND
          • comment seamonkey-mail is earlier than 0:1.0.9-44.el4_8
            oval oval:com.redhat.rhsa:tst:20091134025
          • comment seamonkey-mail is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734019
    rhsa
    id RHSA-2009:1134
    released 2009-06-30
    severity Important
    title RHSA-2009:1134: seamonkey security update (Important)
rpms
  • thunderbird-0:1.5.0.12-23.el4
  • thunderbird-0:2.0.0.22-2.el5_3
  • seamonkey-0:1.0.9-0.39.el3
  • seamonkey-chat-0:1.0.9-0.39.el3
  • seamonkey-devel-0:1.0.9-0.39.el3
  • seamonkey-dom-inspector-0:1.0.9-0.39.el3
  • seamonkey-js-debugger-0:1.0.9-0.39.el3
  • seamonkey-mail-0:1.0.9-0.39.el3
  • seamonkey-nspr-0:1.0.9-0.39.el3
  • seamonkey-nspr-devel-0:1.0.9-0.39.el3
  • seamonkey-nss-0:1.0.9-0.39.el3
  • seamonkey-nss-devel-0:1.0.9-0.39.el3
  • seamonkey-0:1.0.9-44.el4_8
  • seamonkey-chat-0:1.0.9-44.el4_8
  • seamonkey-devel-0:1.0.9-44.el4_8
  • seamonkey-dom-inspector-0:1.0.9-44.el4_8
  • seamonkey-js-debugger-0:1.0.9-44.el4_8
  • seamonkey-mail-0:1.0.9-44.el4_8
refmap via4
bid 35461
confirm
debian DSA-1830
fedora
  • FEDORA-2009-7567
  • FEDORA-2009-7614
mandriva MDVSA-2009:141
sectrack 1022433
secunia
  • 35561
  • 35602
  • 35633
  • 35882
slackware
  • SSA:2009-176-01
  • SSA:2009-178-01
xf mozilla-multipart-alternative-code-exec(51315)
Last major update 21-08-2010 - 01:33
Published 25-06-2009 - 13:30
Last modified 30-10-2018 - 12:25
Back to Top