- Home
- CVEs with nessus.description==From Red Hat Security Advisory 2007:0401 :
Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. (CVE-2007-2867, CVE-2007-2868)
Several denial of service flaws were found in the way Thunderbird handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Thunderbird from functioning properly. (CVE-2007-1362, CVE-2007-2869)
A flaw was found in the way Thunderbird processed certain APOP authentication requests. By sending certain responses when Thunderbird attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558)
A flaw was found in the way Thunderbird displayed certain web content.
A malicious web page could generate content which could overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site.
(CVE-2007-2871)
Users of Thunderbird are advised to apply this update, which contains Thunderbird version 1.5.0.12 that corrects these issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top