rhsa-2012_1351
Vulnerability from csaf_redhat
Published
2012-10-09 22:25
Modified
2024-11-22 05:50
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2012-3982,
CVE-2012-3988, CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180,
CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,
CVE-2012-4187, CVE-2012-4188)
Two flaws in Thunderbird could allow malicious content to bypass intended
restrictions, possibly leading to information disclosure, or Thunderbird
executing arbitrary code. Note that the information disclosure issue could
possibly be combined with other flaws to achieve arbitrary code execution.
(CVE-2012-3986, CVE-2012-3991)
Multiple flaws were found in the location object implementation in
Thunderbird. Malicious content could be used to perform cross-site
scripting attacks, script injection, or spoofing attacks. (CVE-2012-1956,
CVE-2012-3992, CVE-2012-3994)
Two flaws were found in the way Chrome Object Wrappers were implemented.
Malicious content could be used to perform cross-site scripting attacks or
cause Thunderbird to execute arbitrary code. (CVE-2012-3993, CVE-2012-4184)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Jesse Ruderman, Soroush Dalili,
miaubiz, Abhishek Arya, Atte Kettunen, Johnny Stenback, Alice White,
moz_bug_r_a4, and Mariusz Mlynski as the original reporters of these
issues.
Note: None of the issues in this advisory can be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.8 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated thunderbird package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2012-3982,\nCVE-2012-3988, CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180,\nCVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,\nCVE-2012-4187, CVE-2012-4188)\n\nTwo flaws in Thunderbird could allow malicious content to bypass intended\nrestrictions, possibly leading to information disclosure, or Thunderbird\nexecuting arbitrary code. Note that the information disclosure issue could\npossibly be combined with other flaws to achieve arbitrary code execution.\n(CVE-2012-3986, CVE-2012-3991)\n\nMultiple flaws were found in the location object implementation in\nThunderbird. Malicious content could be used to perform cross-site\nscripting attacks, script injection, or spoofing attacks. (CVE-2012-1956,\nCVE-2012-3992, CVE-2012-3994)\n\nTwo flaws were found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to perform cross-site scripting attacks or\ncause Thunderbird to execute arbitrary code. (CVE-2012-3993, CVE-2012-4184)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christian Holler, Jesse Ruderman, Soroush Dalili,\nmiaubiz, Abhishek Arya, Atte Kettunen, Johnny Stenback, Alice White,\nmoz_bug_r_a4, and Mariusz Mlynski as the original reporters of these\nissues.\n\nNote: None of the issues in this advisory can be exploited by a\nspecially-crafted HTML mail message as JavaScript is disabled by default\nfor mail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.8 ESR, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2012:1351",
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "851912",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=851912"
},
{
"category": "external",
"summary": "863614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863614"
},
{
"category": "external",
"summary": "863618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863618"
},
{
"category": "external",
"summary": "863619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863619"
},
{
"category": "external",
"summary": "863621",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863621"
},
{
"category": "external",
"summary": "863622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863622"
},
{
"category": "external",
"summary": "863623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863623"
},
{
"category": "external",
"summary": "863624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863624"
},
{
"category": "external",
"summary": "863625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625"
},
{
"category": "external",
"summary": "863626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626"
},
{
"category": "external",
"summary": "863628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863628"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1351.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-11-22T05:50:56+00:00",
"generator": {
"date": "2024-11-22T05:50:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2012:1351",
"initial_release_date": "2012-10-09T22:25:00+00:00",
"revision_history": [
{
"date": "2012-10-09T22:25:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2012-10-09T22:31:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T05:50:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL Optional Productivity Applications (v. 5 server)",
"product": {
"name": "RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_productivity:5"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"product_id": "thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.8-1.el5_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:10.0.8-1.el5_8.x86_64",
"product": {
"name": "thunderbird-0:10.0.8-1.el5_8.x86_64",
"product_id": "thunderbird-0:10.0.8-1.el5_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.8-1.el5_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:10.0.8-1.el6_3.x86_64",
"product": {
"name": "thunderbird-0:10.0.8-1.el6_3.x86_64",
"product_id": "thunderbird-0:10.0.8-1.el6_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.8-1.el6_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"product_id": "thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.8-1.el6_3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"product": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"product_id": "thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.8-1.el5_8?arch=i386"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:10.0.8-1.el5_8.i386",
"product": {
"name": "thunderbird-0:10.0.8-1.el5_8.i386",
"product_id": "thunderbird-0:10.0.8-1.el5_8.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.8-1.el5_8?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:10.0.8-1.el5_8.src",
"product": {
"name": "thunderbird-0:10.0.8-1.el5_8.src",
"product_id": "thunderbird-0:10.0.8-1.el5_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.8-1.el5_8?arch=src"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:10.0.8-1.el6_3.src",
"product": {
"name": "thunderbird-0:10.0.8-1.el6_3.src",
"product_id": "thunderbird-0:10.0.8-1.el6_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.8-1.el6_3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:10.0.8-1.el6_3.i686",
"product": {
"name": "thunderbird-0:10.0.8-1.el6_3.i686",
"product_id": "thunderbird-0:10.0.8-1.el6_3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.8-1.el6_3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"product": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"product_id": "thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.8-1.el6_3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:10.0.8-1.el6_3.s390x",
"product": {
"name": "thunderbird-0:10.0.8-1.el6_3.s390x",
"product_id": "thunderbird-0:10.0.8-1.el6_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.8-1.el6_3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"product": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"product_id": "thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.8-1.el6_3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:10.0.8-1.el6_3.ppc64",
"product": {
"name": "thunderbird-0:10.0.8-1.el6_3.ppc64",
"product_id": "thunderbird-0:10.0.8-1.el6_3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@10.0.8-1.el6_3?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"product": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"product_id": "thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.8-1.el6_3?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386"
},
"product_reference": "thunderbird-0:10.0.8-1.el5_8.i386",
"relates_to_product_reference": "5Client-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el5_8.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src"
},
"product_reference": "thunderbird-0:10.0.8-1.el5_8.src",
"relates_to_product_reference": "5Client-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64"
},
"product_reference": "thunderbird-0:10.0.8-1.el5_8.x86_64",
"relates_to_product_reference": "5Client-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"relates_to_product_reference": "5Client-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"relates_to_product_reference": "5Client-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el5_8.i386 as a component of RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386"
},
"product_reference": "thunderbird-0:10.0.8-1.el5_8.i386",
"relates_to_product_reference": "5Server-DPAS-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el5_8.src as a component of RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src"
},
"product_reference": "thunderbird-0:10.0.8-1.el5_8.src",
"relates_to_product_reference": "5Server-DPAS-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el5_8.x86_64 as a component of RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64"
},
"product_reference": "thunderbird-0:10.0.8-1.el5_8.x86_64",
"relates_to_product_reference": "5Server-DPAS-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el5_8.i386 as a component of RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"relates_to_product_reference": "5Server-DPAS-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64 as a component of RHEL Optional Productivity Applications (v. 5 server)",
"product_id": "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"relates_to_product_reference": "5Server-DPAS-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686"
},
"product_reference": "thunderbird-0:10.0.8-1.el6_3.i686",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64"
},
"product_reference": "thunderbird-0:10.0.8-1.el6_3.ppc64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x"
},
"product_reference": "thunderbird-0:10.0.8-1.el6_3.s390x",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el6_3.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src"
},
"product_reference": "thunderbird-0:10.0.8-1.el6_3.src",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64"
},
"product_reference": "thunderbird-0:10.0.8-1.el6_3.x86_64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"relates_to_product_reference": "6Client-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686"
},
"product_reference": "thunderbird-0:10.0.8-1.el6_3.i686",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64"
},
"product_reference": "thunderbird-0:10.0.8-1.el6_3.ppc64",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x"
},
"product_reference": "thunderbird-0:10.0.8-1.el6_3.s390x",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el6_3.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src"
},
"product_reference": "thunderbird-0:10.0.8-1.el6_3.src",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64"
},
"product_reference": "thunderbird-0:10.0.8-1.el6_3.x86_64",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"relates_to_product_reference": "6Server-optional-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686"
},
"product_reference": "thunderbird-0:10.0.8-1.el6_3.i686",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64"
},
"product_reference": "thunderbird-0:10.0.8-1.el6_3.ppc64",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x"
},
"product_reference": "thunderbird-0:10.0.8-1.el6_3.s390x",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el6_3.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src"
},
"product_reference": "thunderbird-0:10.0.8-1.el6_3.src",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:10.0.8-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64"
},
"product_reference": "thunderbird-0:10.0.8-1.el6_3.x86_64",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"relates_to_product_reference": "6Workstation-6.3.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"relates_to_product_reference": "6Workstation-6.3.z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Mariusz Mlynski"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-1956",
"discovery_date": "2012-08-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "851912"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Location object can be shadowed using Object.defineProperty (MFSA 2012-59)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1956"
},
{
"category": "external",
"summary": "RHBZ#851912",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=851912"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1956",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1956"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-59.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-59.html"
}
],
"release_date": "2012-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Location object can be shadowed using Object.defineProperty (MFSA 2012-59)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
}
],
"cve": "CVE-2012-3982",
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863614"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Miscellaneous memory safety hazards (rv:10.0.8) (MFSA 2012-74)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3982"
},
{
"category": "external",
"summary": "RHBZ#863614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3982",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3982"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3982",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3982"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-74.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-74.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Miscellaneous memory safety hazards (rv:10.0.8) (MFSA 2012-74)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Johnny Stenback"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-3986",
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863618"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Some DOMWindowUtils methods bypass security checks (MFSA 2012-77)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3986"
},
{
"category": "external",
"summary": "RHBZ#863618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3986",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3986"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-77.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-77.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Some DOMWindowUtils methods bypass security checks (MFSA 2012-77)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Soroush Dalili"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-3988",
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863619"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DOS and crash with full screen and history navigation (MFSA 2012-79)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3988"
},
{
"category": "external",
"summary": "RHBZ#863619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3988",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3988"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3988",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3988"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-79.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-79.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: DOS and crash with full screen and history navigation (MFSA 2012-79)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"miaubiz"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-3990",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863628"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in the IME State Manager (MFSA 2012-87)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3990"
},
{
"category": "external",
"summary": "RHBZ#863628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863628"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3990"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-87.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-87.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Use-after-free in the IME State Manager (MFSA 2012-87)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Alice White"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-3991",
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863621"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: GetProperty function can bypass security checks (MFSA 2012-81)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3991"
},
{
"category": "external",
"summary": "RHBZ#863621",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863621"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3991"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3991",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3991"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-81.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-81.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: GetProperty function can bypass security checks (MFSA 2012-81)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Mariusz Mlynski"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-3992",
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863624"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Spoofing and script injection through location.hash (MFSA 2012-84)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3992"
},
{
"category": "external",
"summary": "RHBZ#863624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3992",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3992"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3992",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3992"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-84.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-84.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Spoofing and script injection through location.hash (MFSA 2012-84)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Mariusz Mlynski",
"moz_bug_r_a4"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-3993",
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863623"
}
],
"notes": [
{
"category": "description",
"text": "The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an \"XrayWrapper pollution\" issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties (MFSA 2012-83)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3993"
},
{
"category": "external",
"summary": "RHBZ#863623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863623"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3993",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3993"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3993",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3993"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-83.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-83.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties (MFSA 2012-83)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
}
],
"cve": "CVE-2012-3994",
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863622"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: top object and location property accessible by plugins (MFSA 2012-82)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3994"
},
{
"category": "external",
"summary": "RHBZ#863622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863622"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3994",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3994"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3994",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3994"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-82.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-82.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: top object and location property accessible by plugins (MFSA 2012-82)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Abhishek Arya"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-3995",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863625"
}
],
"notes": [
{
"category": "description",
"text": "The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3995"
},
{
"category": "external",
"summary": "RHBZ#863625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3995"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3995",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3995"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Abhishek Arya"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-4179",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863625"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4179"
},
{
"category": "external",
"summary": "RHBZ#863625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4179",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4179"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4179",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4179"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Abhishek Arya"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-4180",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863625"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4180"
},
{
"category": "external",
"summary": "RHBZ#863625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4180"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Abhishek Arya"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-4181",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863625"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4181"
},
{
"category": "external",
"summary": "RHBZ#863625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4181",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4181"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Abhishek Arya"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-4182",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863625"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4182"
},
{
"category": "external",
"summary": "RHBZ#863625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4182",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4182"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Abhishek Arya"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-4183",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863625"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4183"
},
{
"category": "external",
"summary": "RHBZ#863625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4183",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4183"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Mariusz Mlynski",
"moz_bug_r_a4"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-4184",
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863623"
}
],
"notes": [
{
"category": "description",
"text": "The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties (MFSA 2012-83)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4184"
},
{
"category": "external",
"summary": "RHBZ#863623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863623"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4184",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4184"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-83.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-83.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties (MFSA 2012-83)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Atte Kettunen"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-4185",
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863626"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4185"
},
{
"category": "external",
"summary": "RHBZ#863626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4185",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4185"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-86.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-86.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Atte Kettunen"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-4186",
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863626"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4186"
},
{
"category": "external",
"summary": "RHBZ#863626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4186",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4186"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-86.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-86.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Atte Kettunen"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-4187",
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863626"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4187"
},
{
"category": "external",
"summary": "RHBZ#863626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4187"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-86.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-86.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)"
},
{
"acknowledgments": [
{
"names": [
"Mozilla project"
]
},
{
"names": [
"Atte Kettunen"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-4188",
"discovery_date": "2012-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "863626"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4188"
},
{
"category": "external",
"summary": "RHBZ#863626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4188",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4188"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-86.html",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-86.html"
}
],
"release_date": "2012-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-09T22:25:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1351"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Client-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Client-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.src",
"5Server-DPAS-5.8.Z:thunderbird-0:10.0.8-1.el5_8.x86_64",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.i386",
"5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.8-1.el5_8.x86_64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Client-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Client-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Server-optional-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.src",
"6Workstation-6.3.z:thunderbird-0:10.0.8-1.el6_3.x86_64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.i686",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.ppc64",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.s390x",
"6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.8-1.el6_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.