MGASA-2012-0174
Date: July 19th, 2012
Affected releases: 1, 2
Description:
Updated mozilla-thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird (CVE-2012-1948,
CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958,
CVE-2012-1962, CVE-2012-1967).

Malicious content could bypass same-compartment security wrappers (SCSW)
and execute arbitrary code with chrome privileges (CVE-2012-1959).

A flaw in the way Thunderbird called history.forward and history.back could
allow an attacker to conceal a malicious URL, possibly tricking a user
into believing they are viewing trusted content (CVE-2012-1955).

A flaw in a parser utility class used by Thunderbird to parse feeds (such
as RSS) could allow an attacker to execute arbitrary JavaScript with the
privileges of the user running Thunderbird. This issue could have affected
other Thunderbird components or add-ons that assume the class returns
sanitized input (CVE-2012-1957).

A flaw in the way Thunderbird handled X-Frame-Options headers could allow
malicious content to perform a clickjacking attack (CVE-2012-1961).

A flaw in the way Content Security Policy (CSP) reports were generated by
Thunderbird could allow malicious content to steal a victim's OAuth 2.0
access tokens and OpenID credentials (CVE-2012-1963).

A flaw in the way Thunderbird handled certificate warnings could allow a
man-in-the-middle attacker to create a crafted warning, possibly tricking
a user into accepting an arbitrary certificate as trusted (CVE-2012-1964).

Updated Packages:
Mageia 1:
mozilla-thunderbird-10.0.6-1.mga1
mozilla-thunderbird-enigmail-10.0.6-1.mga1
mozilla-thunderbird-enigmail-ar-10.0.6-1.mga1
mozilla-thunderbird-enigmail-ca-10.0.6-1.mga1
mozilla-thunderbird-enigmail-cs-10.0.6-1.mga1
mozilla-thunderbird-enigmail-de-10.0.6-1.mga1
mozilla-thunderbird-enigmail-el-10.0.6-1.mga1
mozilla-thunderbird-enigmail-es-10.0.6-1.mga1
mozilla-thunderbird-enigmail-fi-10.0.6-1.mga1
mozilla-thunderbird-enigmail-fr-10.0.6-1.mga1
mozilla-thunderbird-enigmail-it-10.0.6-1.mga1
mozilla-thunderbird-enigmail-ja-10.0.6-1.mga1
mozilla-thunderbird-enigmail-ko-10.0.6-1.mga1
mozilla-thunderbird-enigmail-nb-10.0.6-1.mga1
mozilla-thunderbird-enigmail-nl-10.0.6-1.mga1
mozilla-thunderbird-enigmail-pl-10.0.6-1.mga1
mozilla-thunderbird-enigmail-pt-10.0.6-1.mga1
mozilla-thunderbird-enigmail-pt_BR-10.0.6-1.mga1
mozilla-thunderbird-enigmail-ru-10.0.6-1.mga1
mozilla-thunderbird-enigmail-sl-10.0.6-1.mga1
mozilla-thunderbird-enigmail-sv-10.0.6-1.mga1
mozilla-thunderbird-enigmail-tr-10.0.6-1.mga1
mozilla-thunderbird-enigmail-vi-10.0.6-1.mga1
mozilla-thunderbird-enigmail-zh_CN-10.0.6-1.mga1
mozilla-thunderbird-enigmail-zh_TW-10.0.6-1.mga1
mozilla-thunderbird-ar-10.0.6-1.mga1
mozilla-thunderbird-be-10.0.6-1.mga1
mozilla-thunderbird-bg-10.0.6-1.mga1
mozilla-thunderbird-bn_BD-10.0.6-1.mga1
mozilla-thunderbird-br-10.0.6-1.mga1
mozilla-thunderbird-ca-10.0.6-1.mga1
mozilla-thunderbird-cs-10.0.6-1.mga1
mozilla-thunderbird-da-10.0.6-1.mga1
mozilla-thunderbird-de-10.0.6-1.mga1
mozilla-thunderbird-el-10.0.6-1.mga1
mozilla-thunderbird-en_GB-10.0.6-1.mga1
mozilla-thunderbird-es_AR-10.0.6-1.mga1
mozilla-thunderbird-es_ES-10.0.6-1.mga1
mozilla-thunderbird-et-10.0.6-1.mga1
mozilla-thunderbird-eu-10.0.6-1.mga1
mozilla-thunderbird-fi-10.0.6-1.mga1
mozilla-thunderbird-fr-10.0.6-1.mga1
mozilla-thunderbird-fy-10.0.6-1.mga1
mozilla-thunderbird-ga-10.0.6-1.mga1
mozilla-thunderbird-gd-10.0.6-1.mga1
mozilla-thunderbird-gl-10.0.6-1.mga1
mozilla-thunderbird-he-10.0.6-1.mga1
mozilla-thunderbird-hu-10.0.6-1.mga1
mozilla-thunderbird-id-10.0.6-1.mga1
mozilla-thunderbird-is-10.0.6-1.mga1
mozilla-thunderbird-it-10.0.6-1.mga1
mozilla-thunderbird-ja-10.0.6-1.mga1
mozilla-thunderbird-ko-10.0.6-1.mga1
mozilla-thunderbird-lt-10.0.6-1.mga1
mozilla-thunderbird-nb_NO-10.0.6-1.mga1
mozilla-thunderbird-nl-10.0.6-1.mga1
mozilla-thunderbird-nn_NO-10.0.6-1.mga1
mozilla-thunderbird-pl-10.0.6-1.mga1
mozilla-thunderbird-pt_BR-10.0.6-1.mga1
mozilla-thunderbird-pt_PT-10.0.6-1.mga1
mozilla-thunderbird-ro-10.0.6-1.mga1
mozilla-thunderbird-ru-10.0.6-1.mga1
mozilla-thunderbird-si-10.0.6-1.mga1
mozilla-thunderbird-sk-10.0.6-1.mga1
mozilla-thunderbird-sl-10.0.6-1.mga1
mozilla-thunderbird-sq-10.0.6-1.mga1
mozilla-thunderbird-sv_SE-10.0.6-1.mga1
mozilla-thunderbird-ta_LK-10.0.6-1.mga1
mozilla-thunderbird-tr-10.0.6-1.mga1
mozilla-thunderbird-uk-10.0.6-1.mga1
mozilla-thunderbird-vi-10.0.6-1.mga1
mozilla-thunderbird-zh_CN-10.0.6-1.mga1
mozilla-thunderbird-zh_TW-10.0.6-1.mga1
nsinstall-10.0.6-1.mga1
Mageia 2:
thunderbird-10.0.6-1.mga2
thunderbird-enigmail-10.0.6-1.mga2
thunderbird-ar-10.0.6-1.mga2
thunderbird-ast-10.0.6-1.mga2
thunderbird-be-10.0.6-1.mga2
thunderbird-bg-10.0.6-1.mga2
thunderbird-bn_BD-10.0.6-1.mga2
thunderbird-br-10.0.6-1.mga2
thunderbird-ca-10.0.6-1.mga2
thunderbird-cs-10.0.6-1.mga2
thunderbird-da-10.0.6-1.mga2
thunderbird-de-10.0.6-1.mga2
thunderbird-el-10.0.6-1.mga2
thunderbird-en_GB-10.0.6-1.mga2
thunderbird-es_AR-10.0.6-1.mga2
thunderbird-es_ES-10.0.6-1.mga2
thunderbird-et-10.0.6-1.mga2
thunderbird-eu-10.0.6-1.mga2
thunderbird-fi-10.0.6-1.mga2
thunderbird-fr-10.0.6-1.mga2
thunderbird-fy-10.0.6-1.mga2
thunderbird-ga-10.0.6-1.mga2
thunderbird-gd-10.0.6-1.mga2
thunderbird-gl-10.0.6-1.mga2
thunderbird-he-10.0.6-1.mga2
thunderbird-hu-10.0.6-1.mga2
thunderbird-id-10.0.6-1.mga2
thunderbird-is-10.0.6-1.mga2
thunderbird-it-10.0.6-1.mga2
thunderbird-ja-10.0.6-1.mga2
thunderbird-ko-10.0.6-1.mga2
thunderbird-lt-10.0.6-1.mga2
thunderbird-nb_NO-10.0.6-1.mga2
thunderbird-nl-10.0.6-1.mga2
thunderbird-nn_NO-10.0.6-1.mga2
thunderbird-pl-10.0.6-1.mga2
thunderbird-pa_IN-10.0.6-1.mga2
thunderbird-pt_BR-10.0.6-1.mga2
thunderbird-pt_PT-10.0.6-1.mga2
thunderbird-ro-10.0.6-1.mga2
thunderbird-ru-10.0.6-1.mga2
thunderbird-si-10.0.6-1.mga2
thunderbird-sk-10.0.6-1.mga2
thunderbird-sl-10.0.6-1.mga2
thunderbird-sq-10.0.6-1.mga2
thunderbird-sv_SE-10.0.6-1.mga2
thunderbird-ta_LK-10.0.6-1.mga2
thunderbird-tr-10.0.6-1.mga2
thunderbird-uk-10.0.6-1.mga2
thunderbird-vi-10.0.6-1.mga2
thunderbird-zh_CN-10.0.6-1.mga2
thunderbird-zh_TW-10.0.6-1.mga2
nsinstall-10.0.6-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967
http://www.mozilla.org/security/announce/2012/mfsa2012-42.html
http://www.mozilla.org/security/announce/2012/mfsa2012-44.html
http://www.mozilla.org/security/announce/2012/mfsa2012-45.html
http://www.mozilla.org/security/announce/2012/mfsa2012-47.html
http://www.mozilla.org/security/announce/2012/mfsa2012-48.html
http://www.mozilla.org/security/announce/2012/mfsa2012-49.html
http://www.mozilla.org/security/announce/2012/mfsa2012-51.html
http://www.mozilla.org/security/announce/2012/mfsa2012-52.html
http://www.mozilla.org/security/announce/2012/mfsa2012-53.html
http://www.mozilla.org/security/announce/2012/mfsa2012-54.html
http://www.mozilla.org/security/announce/2012/mfsa2012-56.html
https://rhn.redhat.com/errata/RHSA-2012-1089.html
https://bugs.mageia.org/show_bug.cgi?id=6804