rhsa-2012_1483
Vulnerability from csaf_redhat
Published
2012-11-20 21:43
Modified
2024-11-22 05:59
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2012-4214,
CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833,
CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842)
A buffer overflow flaw was found in the way Thunderbird handled GIF
(Graphics Interchange Format) images. Content containing a malicious GIF
image could cause Thunderbird to crash or, possibly, execute arbitrary code
with the privileges of the user running Thunderbird. (CVE-2012-4202)
A flaw was found in the way Thunderbird decoded the HZ-GB-2312 character
encoding. Malicious content could cause Thunderbird to run JavaScript code
with the permissions of different content. (CVE-2012-4207)
A flaw was found in the location object implementation in Thunderbird.
Malicious content could possibly use this flaw to allow restricted content
to be loaded by plug-ins. (CVE-2012-4209)
A flaw was found in the way cross-origin wrappers were implemented.
Malicious content could use this flaw to perform cross-site scripting
attacks. (CVE-2012-5841)
A flaw was found in the evalInSandbox implementation in Thunderbird.
Malicious content could use this flaw to perform cross-site scripting
attacks. (CVE-2012-4201)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew
McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Masato Kinugawa, Mariusz
Mlynski, Bobby Holley, and moz_bug_r_a4 as the original reporters of
these issues.
Note: All issues except CVE-2012-4202 cannot be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.11 ESR, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated thunderbird package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2012-4214,\nCVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833,\nCVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842)\n\nA buffer overflow flaw was found in the way Thunderbird handled GIF\n(Graphics Interchange Format) images. Content containing a malicious GIF\nimage could cause Thunderbird to crash or, possibly, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2012-4202)\n\nA flaw was found in the way Thunderbird decoded the HZ-GB-2312 character\nencoding. Malicious content could cause Thunderbird to run JavaScript code\nwith the permissions of different content. (CVE-2012-4207)\n\nA flaw was found in the location object implementation in Thunderbird.\nMalicious content could possibly use this flaw to allow restricted content\nto be loaded by plug-ins. (CVE-2012-4209)\n\nA flaw was found in the way cross-origin wrappers were implemented.\nMalicious content could use this flaw to perform cross-site scripting\nattacks. (CVE-2012-5841)\n\nA flaw was found in the evalInSandbox implementation in Thunderbird.\nMalicious content could use this flaw to perform cross-site scripting\nattacks. (CVE-2012-4201)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew\nMcCreight, Bob Clary, Kyle Huey, Atte Kettunen, Masato Kinugawa, Mariusz\nMlynski, Bobby Holley, and moz_bug_r_a4 as the original reporters of\nthese issues.\n\nNote: All issues except CVE-2012-4202 cannot be exploited by a\nspecially-crafted HTML mail message as JavaScript is disabled by default\nfor mail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.11 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2012:1483", "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "877614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877614" }, { "category": "external", "summary": "877615", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877615" }, { "category": "external", "summary": "877616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877616" }, { "category": "external", "summary": "877628", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877628" }, { "category": "external", "summary": "877629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877629" }, { "category": "external", "summary": "877632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877632" }, { "category": "external", "summary": "877634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "category": "external", "summary": "877635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1483.json" } ], "title": "Red Hat Security Advisory: thunderbird security update", "tracking": { "current_release_date": "2024-11-22T05:59:01+00:00", "generator": { "date": "2024-11-22T05:59:01+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2012:1483", "initial_release_date": "2012-11-20T21:43:00+00:00", "revision_history": [ { "date": "2012-11-20T21:43:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2012-11-20T21:49:59+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T05:59:01+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.3.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.3.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.3.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation" } } }, { "category": "product_name", "name": "RHEL Optional Productivity Applications (v. 5 server)", "product": { "name": "RHEL Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS-5.8.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_productivity:5" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:10.0.11-1.el6_3.i686", "product": { "name": "thunderbird-0:10.0.11-1.el6_3.i686", "product_id": "thunderbird-0:10.0.11-1.el6_3.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@10.0.11-1.el6_3?arch=i686" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "product": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "product_id": "thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.11-1.el6_3?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:10.0.11-1.el6_3.src", "product": { "name": "thunderbird-0:10.0.11-1.el6_3.src", "product_id": "thunderbird-0:10.0.11-1.el6_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@10.0.11-1.el6_3?arch=src" } } }, { "category": "product_version", "name": "thunderbird-0:10.0.11-1.el5_8.src", "product": { "name": "thunderbird-0:10.0.11-1.el5_8.src", "product_id": "thunderbird-0:10.0.11-1.el5_8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@10.0.11-1.el5_8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:10.0.11-1.el6_3.x86_64", "product": { "name": "thunderbird-0:10.0.11-1.el6_3.x86_64", "product_id": "thunderbird-0:10.0.11-1.el6_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@10.0.11-1.el6_3?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "product": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "product_id": "thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.11-1.el6_3?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-0:10.0.11-1.el5_8.x86_64", "product": { "name": "thunderbird-0:10.0.11-1.el5_8.x86_64", "product_id": "thunderbird-0:10.0.11-1.el5_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@10.0.11-1.el5_8?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "product": { "name": "thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "product_id": "thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.11-1.el5_8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:10.0.11-1.el6_3.s390x", "product": { "name": "thunderbird-0:10.0.11-1.el6_3.s390x", "product_id": "thunderbird-0:10.0.11-1.el6_3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@10.0.11-1.el6_3?arch=s390x" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "product": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "product_id": "thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.11-1.el6_3?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:10.0.11-1.el6_3.ppc64", "product": { "name": "thunderbird-0:10.0.11-1.el6_3.ppc64", "product_id": "thunderbird-0:10.0.11-1.el6_3.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@10.0.11-1.el6_3?arch=ppc64" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "product": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "product_id": "thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.11-1.el6_3?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:10.0.11-1.el5_8.i386", "product": { "name": "thunderbird-0:10.0.11-1.el5_8.i386", "product_id": "thunderbird-0:10.0.11-1.el5_8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird@10.0.11-1.el5_8?arch=i386" } } }, { "category": "product_version", "name": "thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "product": { "name": "thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "product_id": "thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/thunderbird-debuginfo@10.0.11-1.el5_8?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386" }, "product_reference": "thunderbird-0:10.0.11-1.el5_8.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el5_8.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src" }, "product_reference": "thunderbird-0:10.0.11-1.el5_8.src", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64" }, "product_reference": "thunderbird-0:10.0.11-1.el5_8.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el5_8.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "relates_to_product_reference": "5Client-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el5_8.i386 as a component of RHEL Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386" }, "product_reference": "thunderbird-0:10.0.11-1.el5_8.i386", "relates_to_product_reference": "5Server-DPAS-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el5_8.src as a component of RHEL Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src" }, "product_reference": "thunderbird-0:10.0.11-1.el5_8.src", "relates_to_product_reference": "5Server-DPAS-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el5_8.x86_64 as a component of RHEL Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64" }, "product_reference": "thunderbird-0:10.0.11-1.el5_8.x86_64", "relates_to_product_reference": "5Server-DPAS-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el5_8.i386 as a component of RHEL Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "relates_to_product_reference": "5Server-DPAS-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64 as a component of RHEL Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "relates_to_product_reference": "5Server-DPAS-5.8.Z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686" }, "product_reference": "thunderbird-0:10.0.11-1.el6_3.i686", "relates_to_product_reference": "6Client-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64" }, "product_reference": "thunderbird-0:10.0.11-1.el6_3.ppc64", "relates_to_product_reference": "6Client-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x" }, "product_reference": "thunderbird-0:10.0.11-1.el6_3.s390x", "relates_to_product_reference": "6Client-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el6_3.src as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src" }, "product_reference": "thunderbird-0:10.0.11-1.el6_3.src", "relates_to_product_reference": "6Client-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64" }, "product_reference": "thunderbird-0:10.0.11-1.el6_3.x86_64", "relates_to_product_reference": "6Client-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "relates_to_product_reference": "6Client-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "relates_to_product_reference": "6Client-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "relates_to_product_reference": "6Client-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "relates_to_product_reference": "6Client-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686" }, "product_reference": "thunderbird-0:10.0.11-1.el6_3.i686", "relates_to_product_reference": "6Server-optional-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64" }, "product_reference": "thunderbird-0:10.0.11-1.el6_3.ppc64", "relates_to_product_reference": "6Server-optional-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x" }, "product_reference": "thunderbird-0:10.0.11-1.el6_3.s390x", "relates_to_product_reference": "6Server-optional-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el6_3.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src" }, "product_reference": "thunderbird-0:10.0.11-1.el6_3.src", "relates_to_product_reference": "6Server-optional-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64" }, "product_reference": "thunderbird-0:10.0.11-1.el6_3.x86_64", "relates_to_product_reference": "6Server-optional-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "relates_to_product_reference": "6Server-optional-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "relates_to_product_reference": "6Server-optional-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "relates_to_product_reference": "6Server-optional-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "relates_to_product_reference": "6Server-optional-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686" }, "product_reference": "thunderbird-0:10.0.11-1.el6_3.i686", "relates_to_product_reference": "6Workstation-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64" }, "product_reference": "thunderbird-0:10.0.11-1.el6_3.ppc64", "relates_to_product_reference": "6Workstation-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x" }, "product_reference": "thunderbird-0:10.0.11-1.el6_3.s390x", "relates_to_product_reference": "6Workstation-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el6_3.src as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src" }, "product_reference": "thunderbird-0:10.0.11-1.el6_3.src", "relates_to_product_reference": "6Workstation-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:10.0.11-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64" }, "product_reference": "thunderbird-0:10.0.11-1.el6_3.x86_64", "relates_to_product_reference": "6Workstation-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "relates_to_product_reference": "6Workstation-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "relates_to_product_reference": "6Workstation-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "relates_to_product_reference": "6Workstation-6.3.z" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" }, "product_reference": "thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "relates_to_product_reference": "6Workstation-6.3.z" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Mozilla project" ] }, { "names": [ "moz_bug_r_a4" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2012-4201", "discovery_date": "2012-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "877616" } ], "notes": [ { "category": "description", "text": "The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: evalInSanbox location context incorrectly applied (MFSA 2012-93)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4201" }, { "category": "external", "summary": "RHBZ#877616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877616" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4201", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4201" }, { "category": "external", "summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-93.html", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-93.html" } ], "release_date": "2012-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-11-20T21:43:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:1483" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla: evalInSanbox location context incorrectly applied (MFSA 2012-93)" }, { "acknowledgments": [ { "names": [ "Mozilla project" ] }, { "names": [ "Atte Kettunen" ], "organization": "OUSPG", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2012-4202", "discovery_date": "2012-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "877615" } ], "notes": [ { "category": "description", "text": "Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Buffer overflow while rendering GIF images (MFSA 2012-92)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4202" }, { "category": "external", "summary": "RHBZ#877615", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877615" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4202", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4202" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4202", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4202" }, { "category": "external", "summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-92.html", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-92.html" } ], "release_date": "2012-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-11-20T21:43:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:1483" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla: Buffer overflow while rendering GIF images (MFSA 2012-92)" }, { "acknowledgments": [ { "names": [ "Mozilla project" ] }, { "names": [ "Masato Kinugawa" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2012-4207", "discovery_date": "2012-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "877629" } ], "notes": [ { "category": "description", "text": "The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Improper character decoding in HZ-GB-2312 charset (MFSA 2012-101)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4207" }, { "category": "external", "summary": "RHBZ#877629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877629" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4207", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4207" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4207", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4207" }, { "category": "external", "summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-101.html", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-101.html" } ], "release_date": "2012-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-11-20T21:43:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:1483" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla: Improper character decoding in HZ-GB-2312 charset (MFSA 2012-101)" }, { "acknowledgments": [ { "names": [ "Mozilla project" ] }, { "names": [ "Mariusz Mlynski" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2012-4209", "discovery_date": "2012-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "877632" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a \"top\" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Frames can shadow top.location (MFSA 2012-103)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4209" }, { "category": "external", "summary": "RHBZ#877632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4209", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4209" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4209", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4209" }, { "category": "external", "summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html" } ], "release_date": "2012-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-11-20T21:43:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:1483" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla: Frames can shadow top.location (MFSA 2012-103)" }, { "acknowledgments": [ { "names": [ "Mozilla project" ] }, { "names": [ "Abhishek Arya" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2012-4214", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2012-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "877634" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4214" }, { "category": "external", "summary": "RHBZ#877634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4214", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4214" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4214", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4214" }, { "category": "external", "summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" } ], "release_date": "2012-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-11-20T21:43:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:1483" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)" }, { "acknowledgments": [ { "names": [ "Mozilla project" ] }, { "names": [ "Abhishek Arya" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2012-4215", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2012-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "877634" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4215" }, { "category": "external", "summary": "RHBZ#877634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4215", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4215" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4215", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4215" }, { "category": "external", "summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" } ], "release_date": "2012-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-11-20T21:43:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:1483" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)" }, { "acknowledgments": [ { "names": [ "Mozilla project" ] }, { "names": [ "Abhishek Arya" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2012-4216", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2012-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "877634" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4216" }, { "category": "external", "summary": "RHBZ#877634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4216", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4216" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4216", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4216" }, { "category": "external", "summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" } ], "release_date": "2012-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-11-20T21:43:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:1483" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)" }, { "acknowledgments": [ { "names": [ "Mozilla project" ] }, { "names": [ "Abhishek Arya" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2012-5829", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2012-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "877634" } ], "notes": [ { "category": "description", "text": "Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5829" }, { "category": "external", "summary": "RHBZ#877634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5829", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5829" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5829", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5829" }, { "category": "external", "summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" } ], "release_date": "2012-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-11-20T21:43:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:1483" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)" }, { "acknowledgments": [ { "names": [ "Mozilla project" ] }, { "names": [ "miaubiz" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2012-5830", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2012-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "877635" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer (MFSA 2012-106)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5830" }, { "category": "external", "summary": "RHBZ#877635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5830", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5830" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5830", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5830" }, { "category": "external", "summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html" } ], "release_date": "2012-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-11-20T21:43:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:1483" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla: Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer (MFSA 2012-106)" }, { "acknowledgments": [ { "names": [ "Mozilla project" ] }, { "names": [ "miaubiz" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2012-5833", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2012-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "877635" } ], "notes": [ { "category": "description", "text": "The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer (MFSA 2012-106)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5833" }, { "category": "external", "summary": "RHBZ#877635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5833", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5833" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5833", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5833" }, { "category": "external", "summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html" } ], "release_date": "2012-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-11-20T21:43:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:1483" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla: Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer (MFSA 2012-106)" }, { "acknowledgments": [ { "names": [ "Mozilla project" ] }, { "names": [ "miaubiz" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2012-5835", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2012-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "877635" } ], "notes": [ { "category": "description", "text": "Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer (MFSA 2012-106)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5835" }, { "category": "external", "summary": "RHBZ#877635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5835", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5835" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5835", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5835" }, { "category": "external", "summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html" } ], "release_date": "2012-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-11-20T21:43:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:1483" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla: Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer (MFSA 2012-106)" }, { "acknowledgments": [ { "names": [ "Mozilla project" ] }, { "names": [ "Abhishek Arya" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2012-5839", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2012-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "877634" } ], "notes": [ { "category": "description", "text": "Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5839" }, { "category": "external", "summary": "RHBZ#877634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5839", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5839" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5839", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5839" }, { "category": "external", "summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" } ], "release_date": "2012-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-11-20T21:43:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:1483" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)" }, { "acknowledgments": [ { "names": [ "Mozilla project" ] }, { "names": [ "Abhishek Arya" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2012-5840", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2012-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "877634" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5840" }, { "category": "external", "summary": "RHBZ#877634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5840", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5840" }, { "category": "external", "summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" } ], "release_date": "2012-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-11-20T21:43:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:1483" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)" }, { "acknowledgments": [ { "names": [ "Mozilla project" ] }, { "names": [ "Bobby Holley" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2012-5841", "discovery_date": "2012-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "877628" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Improper security filtering for cross-origin wrappers (MFSA 2012-100)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5841" }, { "category": "external", "summary": "RHBZ#877628", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877628" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5841", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5841" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5841", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5841" }, { "category": "external", "summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-100.html", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-100.html" } ], "release_date": "2012-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-11-20T21:43:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:1483" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla: Improper security filtering for cross-origin wrappers (MFSA 2012-100)" }, { "acknowledgments": [ { "names": [ "Mozilla project" ] } ], "cve": "CVE-2012-5842", "discovery_date": "2012-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "877614" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Miscellaneous memory safety hazards (rv:10.0.11) (MFSA 2012-91)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5842" }, { "category": "external", "summary": "RHBZ#877614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5842", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5842" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5842", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5842" }, { "category": "external", "summary": "http://www.mozilla.org/security/announce/2012/mfsa2012-91.html", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-91.html" } ], "release_date": "2012-11-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-11-20T21:43:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:1483" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Client-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Client-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.src", "5Server-DPAS-5.8.Z:thunderbird-0:10.0.11-1.el5_8.x86_64", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.i386", "5Server-DPAS-5.8.Z:thunderbird-debuginfo-0:10.0.11-1.el5_8.x86_64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Client-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Client-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Server-optional-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Server-optional-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.src", "6Workstation-6.3.z:thunderbird-0:10.0.11-1.el6_3.x86_64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.i686", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.ppc64", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.s390x", "6Workstation-6.3.z:thunderbird-debuginfo-0:10.0.11-1.el6_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla: Miscellaneous memory safety hazards (rv:10.0.11) (MFSA 2012-91)" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.