rhsa-2012_0715
Vulnerability from csaf_redhat
Published
2012-06-06 23:42
Modified
2024-12-15 18:22
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An updated thunderbird package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2011-3101,
CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941,
CVE-2012-1946, CVE-2012-1947)
Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers
with graphics cards that have hardware acceleration enabled.
It was found that the Content Security Policy (CSP) implementation in
Thunderbird no longer blocked Thunderbird inline event handlers. Malicious
content could possibly bypass intended restrictions if that content relied
on CSP to protect against flaws such as cross-site scripting (XSS).
(CVE-2012-1944)
If a web server hosted content that is stored on a Microsoft Windows share,
or a Samba share, loading such content with Thunderbird could result in
Windows shortcut files (.lnk) in the same share also being loaded. An
attacker could use this flaw to view the contents of local files and
directories on the victim's system. This issue also affected users opening
content from Microsoft Windows shares, or Samba shares, that are mounted
on their systems. (CVE-2012-1945)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Ken Russell of Google as the original reporter of
CVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman
as the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov,
Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the
original reporters of CVE-2012-1938; Christian Holler as the original
reporter of CVE-2012-1939; security researcher Abhishek Arya of Google as
the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947;
security researcher Arthur Gerkis as the original reporter of
CVE-2012-1946; security researcher Adam Barth as the original reporter of
CVE-2012-1944; and security researcher Paul Stone as the original reporter
of CVE-2012-1945.
Note: None of the issues in this advisory can be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.5 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated thunderbird package that fixes multiple security issues is now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2011-3101,\nCVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941,\nCVE-2012-1946, CVE-2012-1947)\n\nNote: CVE-2011-3101 only affected users of certain NVIDIA display drivers\nwith graphics cards that have hardware acceleration enabled.\n\nIt was found that the Content Security Policy (CSP) implementation in\nThunderbird no longer blocked Thunderbird inline event handlers. Malicious\ncontent could possibly bypass intended restrictions if that content relied\non CSP to protect against flaws such as cross-site scripting (XSS).\n(CVE-2012-1944)\n\nIf a web server hosted content that is stored on a Microsoft Windows share,\nor a Samba share, loading such content with Thunderbird could result in\nWindows shortcut files (.lnk) in the same share also being loaded. An\nattacker could use this flaw to view the contents of local files and\ndirectories on the victim\u0027s system. This issue also affected users opening\ncontent from Microsoft Windows shares, or Samba shares, that are mounted\non their systems. (CVE-2012-1945)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Ken Russell of Google as the original reporter of\nCVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman\nas the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov,\nBill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the\noriginal reporters of CVE-2012-1938; Christian Holler as the original\nreporter of CVE-2012-1939; security researcher Abhishek Arya of Google as\nthe original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947;\nsecurity researcher Arthur Gerkis as the original reporter of\nCVE-2012-1946; security researcher Adam Barth as the original reporter of\nCVE-2012-1944; and security researcher Paul Stone as the original reporter\nof CVE-2012-1945.\n\nNote: None of the issues in this advisory can be exploited by a\nspecially-crafted HTML mail message as JavaScript is disabled by default\nfor mail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.5 ESR, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2012:0715",
"url": "https://access.redhat.com/errata/RHSA-2012:0715"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "827829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829"
},
{
"category": "external",
"summary": "827830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827830"
},
{
"category": "external",
"summary": "827831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827831"
},
{
"category": "external",
"summary": "827832",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827832"
},
{
"category": "external",
"summary": "827843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0715.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-12-15T18:22:06+00:00",
"generator": {
"date": "2024-12-15T18:22:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2012:0715",
"initial_release_date": "2012-06-06T23:42:00+00:00",
"revision_history": [
{
"date": "2012-06-06T23:42:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2012-06-06T23:46:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-15T18:22:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.2.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.2.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.2.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
},
{
"category": "product_name",
"name": "RHEL Optional Productivity Applications (v. 5 server)",
"product": {
"name": "RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_productivity:5"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:10.0.5-2.el6_2.src",
"product": {
"name": "thunderbird-0:10.0.5-2.el6_2.src",
"product_id": "thunderbird-0:10.0.5-2.el6_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.5-2.el6_2?arch=src"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:10.0.5-2.el5_8.src",
"product": {
"name": "thunderbird-0:10.0.5-2.el5_8.src",
"product_id": "thunderbird-0:10.0.5-2.el5_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.5-2.el5_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:10.0.5-2.el6_2.x86_64",
"product": {
"name": "thunderbird-0:10.0.5-2.el6_2.x86_64",
"product_id": "thunderbird-0:10.0.5-2.el6_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.5-2.el6_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"product_id": "thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.5-2.el6_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:10.0.5-2.el5_8.x86_64",
"product": {
"name": "thunderbird-0:10.0.5-2.el5_8.x86_64",
"product_id": "thunderbird-0:10.0.5-2.el5_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.5-2.el5_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"product_id": "thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.5-2.el5_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:10.0.5-2.el6_2.i686",
"product": {
"name": "thunderbird-0:10.0.5-2.el6_2.i686",
"product_id": "thunderbird-0:10.0.5-2.el6_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.5-2.el6_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"product": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"product_id": "thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.5-2.el6_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:10.0.5-2.el6_2.s390x",
"product": {
"name": "thunderbird-0:10.0.5-2.el6_2.s390x",
"product_id": "thunderbird-0:10.0.5-2.el6_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.5-2.el6_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"product": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"product_id": "thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.5-2.el6_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:10.0.5-2.el6_2.ppc64",
"product": {
"name": "thunderbird-0:10.0.5-2.el6_2.ppc64",
"product_id": "thunderbird-0:10.0.5-2.el6_2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.5-2.el6_2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"product": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"product_id": "thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.5-2.el6_2?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:10.0.5-2.el5_8.i386",
"product": {
"name": "thunderbird-0:10.0.5-2.el5_8.i386",
"product_id": "thunderbird-0:10.0.5-2.el5_8.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.5-2.el5_8?arch=i386"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"product": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"product_id": "thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.5-2.el5_8?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386"
},
"product_reference": "thunderbird-0:10.0.5-2.el5_8.i386",
"relates_to_product_reference": "5Client-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el5_8.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src"
},
"product_reference": "thunderbird-0:10.0.5-2.el5_8.src",
"relates_to_product_reference": "5Client-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64"
},
"product_reference": "thunderbird-0:10.0.5-2.el5_8.x86_64",
"relates_to_product_reference": "5Client-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"relates_to_product_reference": "5Client-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"relates_to_product_reference": "5Client-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el5_8.i386 as a component of RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386"
},
"product_reference": "thunderbird-0:10.0.5-2.el5_8.i386",
"relates_to_product_reference": "5Server-DPAS-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el5_8.src as a component of RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src"
},
"product_reference": "thunderbird-0:10.0.5-2.el5_8.src",
"relates_to_product_reference": "5Server-DPAS-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el5_8.x86_64 as a component of RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64"
},
"product_reference": "thunderbird-0:10.0.5-2.el5_8.x86_64",
"relates_to_product_reference": "5Server-DPAS-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el5_8.i386 as a component of RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"relates_to_product_reference": "5Server-DPAS-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64 as a component of RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"relates_to_product_reference": "5Server-DPAS-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el6_2.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686"
},
"product_reference": "thunderbird-0:10.0.5-2.el6_2.i686",
"relates_to_product_reference": "6Client-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el6_2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64"
},
"product_reference": "thunderbird-0:10.0.5-2.el6_2.ppc64",
"relates_to_product_reference": "6Client-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el6_2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x"
},
"product_reference": "thunderbird-0:10.0.5-2.el6_2.s390x",
"relates_to_product_reference": "6Client-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el6_2.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src"
},
"product_reference": "thunderbird-0:10.0.5-2.el6_2.src",
"relates_to_product_reference": "6Client-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el6_2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64"
},
"product_reference": "thunderbird-0:10.0.5-2.el6_2.x86_64",
"relates_to_product_reference": "6Client-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"relates_to_product_reference": "6Client-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"relates_to_product_reference": "6Client-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"relates_to_product_reference": "6Client-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"relates_to_product_reference": "6Client-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el6_2.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686"
},
"product_reference": "thunderbird-0:10.0.5-2.el6_2.i686",
"relates_to_product_reference": "6Server-optional-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el6_2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64"
},
"product_reference": "thunderbird-0:10.0.5-2.el6_2.ppc64",
"relates_to_product_reference": "6Server-optional-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el6_2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x"
},
"product_reference": "thunderbird-0:10.0.5-2.el6_2.s390x",
"relates_to_product_reference": "6Server-optional-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el6_2.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src"
},
"product_reference": "thunderbird-0:10.0.5-2.el6_2.src",
"relates_to_product_reference": "6Server-optional-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el6_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64"
},
"product_reference": "thunderbird-0:10.0.5-2.el6_2.x86_64",
"relates_to_product_reference": "6Server-optional-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"relates_to_product_reference": "6Server-optional-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"relates_to_product_reference": "6Server-optional-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"relates_to_product_reference": "6Server-optional-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"relates_to_product_reference": "6Server-optional-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el6_2.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686"
},
"product_reference": "thunderbird-0:10.0.5-2.el6_2.i686",
"relates_to_product_reference": "6Workstation-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el6_2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64"
},
"product_reference": "thunderbird-0:10.0.5-2.el6_2.ppc64",
"relates_to_product_reference": "6Workstation-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el6_2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x"
},
"product_reference": "thunderbird-0:10.0.5-2.el6_2.s390x",
"relates_to_product_reference": "6Workstation-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el6_2.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src"
},
"product_reference": "thunderbird-0:10.0.5-2.el6_2.src",
"relates_to_product_reference": "6Workstation-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.5-2.el6_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64"
},
"product_reference": "thunderbird-0:10.0.5-2.el6_2.x86_64",
"relates_to_product_reference": "6Workstation-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"relates_to_product_reference": "6Workstation-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"relates_to_product_reference": "6Workstation-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"relates_to_product_reference": "6Workstation-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"relates_to_product_reference": "6Workstation-6.2.z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Ken Russell"
],
"organization": "Google",
"summary": "Acknowledged by upstream."
},
{
"names": [
"Igor Bukanov",
"Olli Pettay",
"Boris Zbarsky",
"Jesse Ruderman",
"Bill McCloskey",
"Christian Holler",
"Andrew McCreight",
"Brian Bondy"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2011-3101",
"discovery_date": "2012-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "827829"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-3101"
},
{
"category": "external",
"summary": "RHBZ#827829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-3101",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3101"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3101",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3101"
}
],
"release_date": "2012-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-06-06T23:42:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0715"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Igor Bukanov",
"Olli Pettay",
"Boris Zbarsky",
"Jesse Ruderman",
"Bill McCloskey",
"Christian Holler",
"Andrew McCreight",
"Brian Bondy"
],
"summary": "Acknowledged by upstream."
},
{
"names": [
"Ken Russell"
],
"organization": "Google",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-1937",
"discovery_date": "2012-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "827829"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1937"
},
{
"category": "external",
"summary": "RHBZ#827829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1937",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1937"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1937",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1937"
}
],
"release_date": "2012-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-06-06T23:42:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0715"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Ken Russell"
],
"organization": "Google",
"summary": "Acknowledged by upstream."
},
{
"names": [
"Igor Bukanov",
"Olli Pettay",
"Boris Zbarsky",
"Jesse Ruderman",
"Bill McCloskey",
"Christian Holler",
"Andrew McCreight",
"Brian Bondy"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-1938",
"discovery_date": "2012-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "827829"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1938"
},
{
"category": "external",
"summary": "RHBZ#827829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1938"
}
],
"release_date": "2012-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-06-06T23:42:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0715"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Ken Russell"
],
"organization": "Google",
"summary": "Acknowledged by upstream."
},
{
"names": [
"Igor Bukanov",
"Andrew McCreight",
"Brian Bondy",
"Olli Pettay",
"Boris Zbarsky",
"Jesse Ruderman",
"Bill McCloskey",
"Christian Holler"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-1939",
"discovery_date": "2012-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "827829"
}
],
"notes": [
{
"category": "description",
"text": "jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1939"
},
{
"category": "external",
"summary": "RHBZ#827829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1939",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1939"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1939",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1939"
}
],
"release_date": "2012-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-06-06T23:42:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0715"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
}
],
"cve": "CVE-2012-1940",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2012-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "827843"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1940"
},
{
"category": "external",
"summary": "RHBZ#827843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1940",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1940"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1940",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1940"
}
],
"release_date": "2012-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-06-06T23:42:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0715"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
}
],
"cve": "CVE-2012-1941",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2012-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "827843"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1941"
},
{
"category": "external",
"summary": "RHBZ#827843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1941",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1941"
}
],
"release_date": "2012-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-06-06T23:42:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0715"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
}
],
"cve": "CVE-2012-1944",
"discovery_date": "2012-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "827830"
}
],
"notes": [
{
"category": "description",
"text": "The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy inline-script bypass (MFSA 2012-36)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1944"
},
{
"category": "external",
"summary": "RHBZ#827830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827830"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1944"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1944",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1944"
}
],
"release_date": "2012-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-06-06T23:42:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0715"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Content Security Policy inline-script bypass (MFSA 2012-36)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
}
],
"cve": "CVE-2012-1945",
"discovery_date": "2012-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "827831"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Information disclosure though Windows file shares and shortcut files (MFSA 2012-37)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1945"
},
{
"category": "external",
"summary": "RHBZ#827831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1945",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1945"
}
],
"release_date": "2012-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-06-06T23:42:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0715"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Information disclosure though Windows file shares and shortcut files (MFSA 2012-37)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
}
],
"cve": "CVE-2012-1946",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2012-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "827832"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free while replacing/inserting a node in a document (MFSA 2012-38)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1946"
},
{
"category": "external",
"summary": "RHBZ#827832",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827832"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1946",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1946"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1946",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1946"
}
],
"release_date": "2012-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-06-06T23:42:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0715"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Use-after-free while replacing/inserting a node in a document (MFSA 2012-38)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
}
],
"cve": "CVE-2012-1947",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2012-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "827843"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1947"
},
{
"category": "external",
"summary": "RHBZ#827843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1947",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1947"
}
],
"release_date": "2012-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-06-06T23:42:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0715"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Ken Russell"
],
"organization": "Google",
"summary": "Acknowledged by upstream."
},
{
"names": [
"Igor Bukanov",
"Olli Pettay",
"Boris Zbarsky",
"Jesse Ruderman",
"Bill McCloskey",
"Christian Holler",
"Andrew McCreight",
"Brian Bondy"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-3105",
"discovery_date": "2012-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "827829"
}
],
"notes": [
{
"category": "description",
"text": "The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a related issue to CVE-2011-3101.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3105"
},
{
"category": "external",
"summary": "RHBZ#827829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3105",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3105"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3105",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3105"
}
],
"release_date": "2012-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-06-06T23:42:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0715"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.5-2.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.5-2.el5_8.x86_64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Client-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Client-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Server-optional-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Server-optional-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.src",
"6Workstation-6.2.z:thunderbird-0:10.0.5-2.el6_2.x86_64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.i686",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.ppc64",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.s390x",
"6Workstation-6.2.z:thunderbird-debuginfo-0:10.0.5-2.el6_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.