rhsa-2012_1089
Vulnerability from csaf_redhat
Published
2012-07-17 18:51
Modified
2024-11-22 05:33
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An updated thunderbird package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2012-1948,
CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958,
CVE-2012-1962, CVE-2012-1967)
Malicious content could bypass same-compartment security wrappers (SCSW)
and execute arbitrary code with chrome privileges. (CVE-2012-1959)
A flaw in the way Thunderbird called history.forward and history.back could
allow an attacker to conceal a malicious URL, possibly tricking a user
into believing they are viewing trusted content. (CVE-2012-1955)
A flaw in a parser utility class used by Thunderbird to parse feeds (such
as RSS) could allow an attacker to execute arbitrary JavaScript with the
privileges of the user running Thunderbird. This issue could have affected
other Thunderbird components or add-ons that assume the class returns
sanitized input. (CVE-2012-1957)
A flaw in the way Thunderbird handled X-Frame-Options headers could allow
malicious content to perform a clickjacking attack. (CVE-2012-1961)
A flaw in the way Content Security Policy (CSP) reports were generated by
Thunderbird could allow malicious content to steal a victim's OAuth 2.0
access tokens and OpenID credentials. (CVE-2012-1963)
A flaw in the way Thunderbird handled certificate warnings could allow a
man-in-the-middle attacker to create a crafted warning, possibly tricking
a user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)
The nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6
introduced a mitigation for the CVE-2011-3389 flaw. For compatibility
reasons, it remains disabled by default in the nss packages. This update
makes Thunderbird enable the mitigation by default. It can be disabled by
setting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before
launching Thunderbird. (BZ#838879)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill
McCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby
Holley, Mariusz Mlynski, Mario Heiderich, Frédéric Buclin, Karthikeyan
Bhargavan, and Matt McCutchen as the original reporters of these issues.
Note: None of the issues in this advisory can be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.6 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated thunderbird package that fixes multiple security issues is now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2012-1948,\nCVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958,\nCVE-2012-1962, CVE-2012-1967)\n\nMalicious content could bypass same-compartment security wrappers (SCSW)\nand execute arbitrary code with chrome privileges. (CVE-2012-1959)\n\nA flaw in the way Thunderbird called history.forward and history.back could\nallow an attacker to conceal a malicious URL, possibly tricking a user\ninto believing they are viewing trusted content. (CVE-2012-1955)\n\nA flaw in a parser utility class used by Thunderbird to parse feeds (such\nas RSS) could allow an attacker to execute arbitrary JavaScript with the\nprivileges of the user running Thunderbird. This issue could have affected\nother Thunderbird components or add-ons that assume the class returns\nsanitized input. (CVE-2012-1957)\n\nA flaw in the way Thunderbird handled X-Frame-Options headers could allow\nmalicious content to perform a clickjacking attack. (CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated by\nThunderbird could allow malicious content to steal a victim\u0027s OAuth 2.0\naccess tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Thunderbird handled certificate warnings could allow a\nman-in-the-middle attacker to create a crafted warning, possibly tricking\na user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)\n\nThe nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\nintroduced a mitigation for the CVE-2011-3389 flaw. For compatibility\nreasons, it remains disabled by default in the nss packages. This update\nmakes Thunderbird enable the mitigation by default. It can be disabled by\nsetting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before\nlaunching Thunderbird. (BZ#838879)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill\nMcCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby\nHolley, Mariusz Mlynski, Mario Heiderich, Fr\u00e9d\u00e9ric Buclin, Karthikeyan\nBhargavan, and Matt McCutchen as the original reporters of these issues.\n\nNote: None of the issues in this advisory can be exploited by a\nspecially-crafted HTML mail message as JavaScript is disabled by default\nfor mail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.6 ESR, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2012:1089",
"url": "https://access.redhat.com/errata/RHSA-2012:1089"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://rhn.redhat.com/errata/RHBA-2012-0337.html",
"url": "https://rhn.redhat.com/errata/RHBA-2012-0337.html"
},
{
"category": "external",
"summary": "838879",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=838879"
},
{
"category": "external",
"summary": "840201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840201"
},
{
"category": "external",
"summary": "840205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205"
},
{
"category": "external",
"summary": "840206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840206"
},
{
"category": "external",
"summary": "840208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840208"
},
{
"category": "external",
"summary": "840211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840211"
},
{
"category": "external",
"summary": "840212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840212"
},
{
"category": "external",
"summary": "840214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840214"
},
{
"category": "external",
"summary": "840215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840215"
},
{
"category": "external",
"summary": "840220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840220"
},
{
"category": "external",
"summary": "840222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840222"
},
{
"category": "external",
"summary": "840259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840259"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1089.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-11-22T05:33:35+00:00",
"generator": {
"date": "2024-11-22T05:33:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2012:1089",
"initial_release_date": "2012-07-17T18:51:00+00:00",
"revision_history": [
{
"date": "2012-07-17T18:51:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2012-07-17T18:56:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T05:33:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL Optional Productivity Applications (v. 5 server)",
"product": {
"name": "RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_productivity:5"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"product": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"product_id": "thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.6-1.el5_8?arch=i386"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:10.0.6-1.el5_8.i386",
"product": {
"name": "thunderbird-0:10.0.6-1.el5_8.i386",
"product_id": "thunderbird-0:10.0.6-1.el5_8.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.6-1.el5_8?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"product_id": "thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.6-1.el5_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:10.0.6-1.el5_8.x86_64",
"product": {
"name": "thunderbird-0:10.0.6-1.el5_8.x86_64",
"product_id": "thunderbird-0:10.0.6-1.el5_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.6-1.el5_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:10.0.6-1.el6_3.x86_64",
"product": {
"name": "thunderbird-0:10.0.6-1.el6_3.x86_64",
"product_id": "thunderbird-0:10.0.6-1.el6_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.6-1.el6_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"product_id": "thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.6-1.el6_3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:10.0.6-1.el5_8.src",
"product": {
"name": "thunderbird-0:10.0.6-1.el5_8.src",
"product_id": "thunderbird-0:10.0.6-1.el5_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.6-1.el5_8?arch=src"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:10.0.6-1.el6_3.src",
"product": {
"name": "thunderbird-0:10.0.6-1.el6_3.src",
"product_id": "thunderbird-0:10.0.6-1.el6_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.6-1.el6_3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:10.0.6-1.el6_3.ppc64",
"product": {
"name": "thunderbird-0:10.0.6-1.el6_3.ppc64",
"product_id": "thunderbird-0:10.0.6-1.el6_3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.6-1.el6_3?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"product": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"product_id": "thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.6-1.el6_3?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:10.0.6-1.el6_3.s390x",
"product": {
"name": "thunderbird-0:10.0.6-1.el6_3.s390x",
"product_id": "thunderbird-0:10.0.6-1.el6_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.6-1.el6_3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"product": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"product_id": "thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.6-1.el6_3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:10.0.6-1.el6_3.i686",
"product": {
"name": "thunderbird-0:10.0.6-1.el6_3.i686",
"product_id": "thunderbird-0:10.0.6-1.el6_3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.6-1.el6_3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"product": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"product_id": "thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.6-1.el6_3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386"
},
"product_reference": "thunderbird-0:10.0.6-1.el5_8.i386",
"relates_to_product_reference": "5Client-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el5_8.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src"
},
"product_reference": "thunderbird-0:10.0.6-1.el5_8.src",
"relates_to_product_reference": "5Client-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64"
},
"product_reference": "thunderbird-0:10.0.6-1.el5_8.x86_64",
"relates_to_product_reference": "5Client-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"relates_to_product_reference": "5Client-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"relates_to_product_reference": "5Client-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el5_8.i386 as a component of RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386"
},
"product_reference": "thunderbird-0:10.0.6-1.el5_8.i386",
"relates_to_product_reference": "5Server-DPAS-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el5_8.src as a component of RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src"
},
"product_reference": "thunderbird-0:10.0.6-1.el5_8.src",
"relates_to_product_reference": "5Server-DPAS-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el5_8.x86_64 as a component of RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64"
},
"product_reference": "thunderbird-0:10.0.6-1.el5_8.x86_64",
"relates_to_product_reference": "5Server-DPAS-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el5_8.i386 as a component of RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"relates_to_product_reference": "5Server-DPAS-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64 as a component of RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"relates_to_product_reference": "5Server-DPAS-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686"
},
"product_reference": "thunderbird-0:10.0.6-1.el6_3.i686",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64"
},
"product_reference": "thunderbird-0:10.0.6-1.el6_3.ppc64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x"
},
"product_reference": "thunderbird-0:10.0.6-1.el6_3.s390x",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el6_3.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src"
},
"product_reference": "thunderbird-0:10.0.6-1.el6_3.src",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64"
},
"product_reference": "thunderbird-0:10.0.6-1.el6_3.x86_64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686"
},
"product_reference": "thunderbird-0:10.0.6-1.el6_3.i686",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64"
},
"product_reference": "thunderbird-0:10.0.6-1.el6_3.ppc64",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x"
},
"product_reference": "thunderbird-0:10.0.6-1.el6_3.s390x",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el6_3.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src"
},
"product_reference": "thunderbird-0:10.0.6-1.el6_3.src",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64"
},
"product_reference": "thunderbird-0:10.0.6-1.el6_3.x86_64",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686"
},
"product_reference": "thunderbird-0:10.0.6-1.el6_3.i686",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64"
},
"product_reference": "thunderbird-0:10.0.6-1.el6_3.ppc64",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x"
},
"product_reference": "thunderbird-0:10.0.6-1.el6_3.s390x",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el6_3.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src"
},
"product_reference": "thunderbird-0:10.0.6-1.el6_3.src",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.6-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64"
},
"product_reference": "thunderbird-0:10.0.6-1.el6_3.x86_64",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"relates_to_product_reference": "6Workstation-6.3.z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Benoit Jacob",
"Jesse Ruderman",
"Christian Holler",
"Bill McCloskey"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-1948",
"discovery_date": "2012-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "840201"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6) (MFSA 2012-42)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1948"
},
{
"category": "external",
"summary": "RHBZ#840201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840201"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1948"
}
],
"release_date": "2012-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-07-17T18:51:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1089"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6) (MFSA 2012-42)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Abhishek Arya"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-1951",
"discovery_date": "2012-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "840205"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Gecko memory corruption (MFSA 2012-44)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1951"
},
{
"category": "external",
"summary": "RHBZ#840205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1951",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1951"
}
],
"release_date": "2012-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-07-17T18:51:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1089"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Gecko memory corruption (MFSA 2012-44)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Abhishek Arya"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-1952",
"discovery_date": "2012-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "840205"
}
],
"notes": [
{
"category": "description",
"text": "The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Gecko memory corruption (MFSA 2012-44)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1952"
},
{
"category": "external",
"summary": "RHBZ#840205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1952",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1952"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1952",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1952"
}
],
"release_date": "2012-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-07-17T18:51:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1089"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Gecko memory corruption (MFSA 2012-44)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Abhishek Arya"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-1953",
"discovery_date": "2012-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "840205"
}
],
"notes": [
{
"category": "description",
"text": "The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Gecko memory corruption (MFSA 2012-44)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1953"
},
{
"category": "external",
"summary": "RHBZ#840205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1953",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1953"
}
],
"release_date": "2012-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-07-17T18:51:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1089"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Gecko memory corruption (MFSA 2012-44)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Abhishek Arya"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-1954",
"discovery_date": "2012-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "840205"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Gecko memory corruption (MFSA 2012-44)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1954"
},
{
"category": "external",
"summary": "RHBZ#840205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1954",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1954"
}
],
"release_date": "2012-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-07-17T18:51:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1089"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Gecko memory corruption (MFSA 2012-44)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Mariusz Mlynski"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-1955",
"discovery_date": "2012-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "840206"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Spoofing issue with location (MFSA 2012-45)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1955"
},
{
"category": "external",
"summary": "RHBZ#840206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840206"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1955",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1955"
}
],
"release_date": "2012-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-07-17T18:51:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1089"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Spoofing issue with location (MFSA 2012-45)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Mario Heiderich"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-1957",
"discovery_date": "2012-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "840208"
}
],
"notes": [
{
"category": "description",
"text": "An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Improper filtering of javascript in HTML feed-view (MFSA 2012-47)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1957"
},
{
"category": "external",
"summary": "RHBZ#840208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1957",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1957"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1957",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1957"
}
],
"release_date": "2012-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-07-17T18:51:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1089"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Improper filtering of javascript in HTML feed-view (MFSA 2012-47)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
}
],
"cve": "CVE-2012-1958",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2012-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "840211"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: use-after-free in nsGlobalWindow::PageHidden (MFSA 2012-48)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1958"
},
{
"category": "external",
"summary": "RHBZ#840211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840211"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1958",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1958"
}
],
"release_date": "2012-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-07-17T18:51:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1089"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: use-after-free in nsGlobalWindow::PageHidden (MFSA 2012-48)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Mozilla developer Bobby Holley"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-1959",
"discovery_date": "2012-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "840212"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Same-compartment Security Wrappers can be bypassed (MFSA 2012-49)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1959"
},
{
"category": "external",
"summary": "RHBZ#840212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840212"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1959",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1959"
}
],
"release_date": "2012-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-07-17T18:51:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1089"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Same-compartment Security Wrappers can be bypassed (MFSA 2012-49)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Mozilla developer Fr\u00e9d\u00e9ric Buclin"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-1961",
"discovery_date": "2012-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "840214"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: X-Frame-Options header ignored when duplicated (MFSA 2012-51)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1961"
},
{
"category": "external",
"summary": "RHBZ#840214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840214"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1961",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1961"
}
],
"release_date": "2012-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-07-17T18:51:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1089"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: X-Frame-Options header ignored when duplicated (MFSA 2012-51)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Bill Keese"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-1962",
"discovery_date": "2012-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "840215"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: JSDependentString:: undepend string conversion results in memory corruption (MFSA 2012-52)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1962"
},
{
"category": "external",
"summary": "RHBZ#840215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840215"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1962"
}
],
"release_date": "2012-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-07-17T18:51:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1089"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: JSDependentString:: undepend string conversion results in memory corruption (MFSA 2012-52)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
}
],
"cve": "CVE-2012-1963",
"discovery_date": "2012-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "840220"
}
],
"notes": [
{
"category": "description",
"text": "The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy 1.0 implementation errors cause data leakage (MFSA 2012-53)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1963"
},
{
"category": "external",
"summary": "RHBZ#840220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1963",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1963"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1963",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1963"
}
],
"release_date": "2012-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-07-17T18:51:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1089"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Content Security Policy 1.0 implementation errors cause data leakage (MFSA 2012-53)"
},
{
"acknowledgments": [
{
"names": [
"Matt McCutchen"
]
}
],
"cve": "CVE-2012-1964",
"discovery_date": "2012-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "840222"
}
],
"notes": [
{
"category": "description",
"text": "The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Clickjacking of certificate warning page (MFSA 2012-54)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1964"
},
{
"category": "external",
"summary": "RHBZ#840222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840222"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1964",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1964"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1964",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1964"
}
],
"release_date": "2012-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-07-17T18:51:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1089"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Clickjacking of certificate warning page (MFSA 2012-54)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"moz_bug_r_a4"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-1967",
"discovery_date": "2012-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "840259"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Code execution through javascript: URLs (MFSA 2012-56)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1967"
},
{
"category": "external",
"summary": "RHBZ#840259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1967"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1967",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1967"
}
],
"release_date": "2012-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-07-17T18:51:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1089"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.6-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.6-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.6-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.6-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Code execution through javascript: URLs (MFSA 2012-56)"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.