From Mageia wiki

MGASA-2012-0246

Date: August 30th, 2012
Affected releases: 1, 2


Description:
Updated mozilla-thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird (CVE-2012-1970,
CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976,
CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960,
CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964).

Content containing a malicious Scalable Vector Graphics (SVG) image file
could cause Thunderbird to crash or, potentially, execute arbitrary code
with the privileges of the user running Thunderbird (CVE-2012-3969,
CVE-2012-3970).

Two flaws were found in the way Thunderbird rendered certain images using
WebGL. Malicious content could cause Thunderbird to crash or, under certain
conditions, possibly execute arbitrary code with the privileges of the user
running Thunderbird (CVE-2012-3967, CVE-2012-3968).

A flaw was found in the way Thunderbird decoded embedded bitmap images in
Icon Format (ICO) files. Content containing a malicious ICO file could
cause Thunderbird to crash or, under certain conditions, possibly execute
arbitrary code with the privileges of the user running Thunderbird
(CVE-2012-3966).

A flaw was found in the way the "eval" command was handled by the
Thunderbird Error Console. Running "eval" in the Error Console while
viewing malicious content could possibly cause Thunderbird to execute
arbitrary code with the privileges of the user running Thunderbird
(CVE-2012-3980).

An out-of-bounds memory read flaw was found in the way Thunderbird used
the format-number feature of XSLT (Extensible Stylesheet Language
Transformations). Malicious content could possibly cause an information
leak, or cause Thunderbird to crash (CVE-2012-3972).

A flaw was found in the location object implementation in Thunderbird.
Malicious content could use this flaw to possibly allow restricted content
to be loaded (CVE-2012-3978).


Updated Packages:
Mageia 1:
mozilla-thunderbird-10.0.7-1.mga1
mozilla-thunderbird-enigmail-10.0.7-1.mga1
mozilla-thunderbird-enigmail-ar-10.0.7-1.mga1
mozilla-thunderbird-enigmail-ca-10.0.7-1.mga1
mozilla-thunderbird-enigmail-cs-10.0.7-1.mga1
mozilla-thunderbird-enigmail-de-10.0.7-1.mga1
mozilla-thunderbird-enigmail-el-10.0.7-1.mga1
mozilla-thunderbird-enigmail-es-10.0.7-1.mga1
mozilla-thunderbird-enigmail-fi-10.0.7-1.mga1
mozilla-thunderbird-enigmail-fr-10.0.7-1.mga1
mozilla-thunderbird-enigmail-it-10.0.7-1.mga1
mozilla-thunderbird-enigmail-ja-10.0.7-1.mga1
mozilla-thunderbird-enigmail-ko-10.0.7-1.mga1
mozilla-thunderbird-enigmail-nb-10.0.7-1.mga1
mozilla-thunderbird-enigmail-nl-10.0.7-1.mga1
mozilla-thunderbird-enigmail-pl-10.0.7-1.mga1
mozilla-thunderbird-enigmail-pt-10.0.7-1.mga1
mozilla-thunderbird-enigmail-pt_BR-10.0.7-1.mga1
mozilla-thunderbird-enigmail-ru-10.0.7-1.mga1
mozilla-thunderbird-enigmail-sl-10.0.7-1.mga1
mozilla-thunderbird-enigmail-sv-10.0.7-1.mga1
mozilla-thunderbird-enigmail-tr-10.0.7-1.mga1
mozilla-thunderbird-enigmail-vi-10.0.7-1.mga1
mozilla-thunderbird-enigmail-zh_CN-10.0.7-1.mga1
mozilla-thunderbird-enigmail-zh_TW-10.0.7-1.mga1
mozilla-thunderbird-ar-10.0.7-1.mga1
mozilla-thunderbird-be-10.0.7-1.mga1
mozilla-thunderbird-bg-10.0.7-1.mga1
mozilla-thunderbird-bn_BD-10.0.7-1.mga1
mozilla-thunderbird-br-10.0.7-1.mga1
mozilla-thunderbird-ca-10.0.7-1.mga1
mozilla-thunderbird-cs-10.0.7-1.mga1
mozilla-thunderbird-da-10.0.7-1.mga1
mozilla-thunderbird-de-10.0.7-1.mga1
mozilla-thunderbird-el-10.0.7-1.mga1
mozilla-thunderbird-en_GB-10.0.7-1.mga1
mozilla-thunderbird-es_AR-10.0.7-1.mga1
mozilla-thunderbird-es_ES-10.0.7-1.mga1
mozilla-thunderbird-et-10.0.7-1.mga1
mozilla-thunderbird-eu-10.0.7-1.mga1
mozilla-thunderbird-fi-10.0.7-1.mga1
mozilla-thunderbird-fr-10.0.7-1.mga1
mozilla-thunderbird-fy-10.0.7-1.mga1
mozilla-thunderbird-ga-10.0.7-1.mga1
mozilla-thunderbird-gd-10.0.7-1.mga1
mozilla-thunderbird-gl-10.0.7-1.mga1
mozilla-thunderbird-he-10.0.7-1.mga1
mozilla-thunderbird-hu-10.0.7-1.mga1
mozilla-thunderbird-id-10.0.7-1.mga1
mozilla-thunderbird-is-10.0.7-1.mga1
mozilla-thunderbird-it-10.0.7-1.mga1
mozilla-thunderbird-ja-10.0.7-1.mga1
mozilla-thunderbird-ko-10.0.7-1.mga1
mozilla-thunderbird-lt-10.0.7-1.mga1
mozilla-thunderbird-nb_NO-10.0.7-1.mga1
mozilla-thunderbird-nl-10.0.7-1.mga1
mozilla-thunderbird-nn_NO-10.0.7-1.mga1
mozilla-thunderbird-pl-10.0.7-1.mga1
mozilla-thunderbird-pt_BR-10.0.7-1.mga1
mozilla-thunderbird-pt_PT-10.0.7-1.mga1
mozilla-thunderbird-ro-10.0.7-1.mga1
mozilla-thunderbird-ru-10.0.7-1.mga1
mozilla-thunderbird-si-10.0.7-1.mga1
mozilla-thunderbird-sk-10.0.7-1.mga1
mozilla-thunderbird-sl-10.0.7-1.mga1
mozilla-thunderbird-sq-10.0.7-1.mga1
mozilla-thunderbird-sv_SE-10.0.7-1.mga1
mozilla-thunderbird-ta_LK-10.0.7-1.mga1
mozilla-thunderbird-tr-10.0.7-1.mga1
mozilla-thunderbird-uk-10.0.7-1.mga1
mozilla-thunderbird-vi-10.0.7-1.mga1
mozilla-thunderbird-zh_CN-10.0.7-1.mga1
mozilla-thunderbird-zh_TW-10.0.7-1.mga1
nsinstall-10.0.7-1.mga1

Mageia 2:
thunderbird-10.0.7-1.mga2
thunderbird-enigmail-10.0.7-1.mga2
thunderbird-ar-10.0.7-1.mga2
thunderbird-ast-10.0.7-1.mga2
thunderbird-be-10.0.7-1.mga2
thunderbird-bg-10.0.7-1.mga2
thunderbird-bn_BD-10.0.7-1.mga2
thunderbird-br-10.0.7-1.mga2
thunderbird-ca-10.0.7-1.mga2
thunderbird-cs-10.0.7-1.mga2
thunderbird-da-10.0.7-1.mga2
thunderbird-de-10.0.7-1.mga2
thunderbird-el-10.0.7-1.mga2
thunderbird-en_GB-10.0.7-1.mga2
thunderbird-es_AR-10.0.7-1.mga2
thunderbird-es_ES-10.0.7-1.mga2
thunderbird-et-10.0.7-1.mga2
thunderbird-eu-10.0.7-1.mga2
thunderbird-fi-10.0.7-1.mga2
thunderbird-fr-10.0.7-1.mga2
thunderbird-fy-10.0.7-1.mga2
thunderbird-ga-10.0.7-1.mga2
thunderbird-gd-10.0.7-1.mga2
thunderbird-gl-10.0.7-1.mga2
thunderbird-he-10.0.7-1.mga2
thunderbird-hu-10.0.7-1.mga2
thunderbird-id-10.0.7-1.mga2
thunderbird-is-10.0.7-1.mga2
thunderbird-it-10.0.7-1.mga2
thunderbird-ja-10.0.7-1.mga2
thunderbird-ko-10.0.7-1.mga2
thunderbird-lt-10.0.7-1.mga2
thunderbird-nb_NO-10.0.7-1.mga2
thunderbird-nl-10.0.7-1.mga2
thunderbird-nn_NO-10.0.7-1.mga2
thunderbird-pl-10.0.7-1.mga2
thunderbird-pa_IN-10.0.7-1.mga2
thunderbird-pt_BR-10.0.7-1.mga2
thunderbird-pt_PT-10.0.7-1.mga2
thunderbird-ro-10.0.7-1.mga2
thunderbird-ru-10.0.7-1.mga2
thunderbird-si-10.0.7-1.mga2
thunderbird-sk-10.0.7-1.mga2
thunderbird-sl-10.0.7-1.mga2
thunderbird-sq-10.0.7-1.mga2
thunderbird-sv_SE-10.0.7-1.mga2
thunderbird-ta_LK-10.0.7-1.mga2
thunderbird-tr-10.0.7-1.mga2
thunderbird-uk-10.0.7-1.mga2
thunderbird-vi-10.0.7-1.mga2
thunderbird-zh_CN-10.0.7-1.mga2
thunderbird-zh_TW-10.0.7-1.mga2
nsinstall-10.0.7-1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980
http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
http://www.mozilla.org/security/announce/2012/mfsa2012-61.html
http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
http://www.mozilla.org/security/announce/2012/mfsa2012-65.html
http://www.mozilla.org/security/announce/2012/mfsa2012-70.html
http://www.mozilla.org/security/announce/2012/mfsa2012-72.html
https://rhn.redhat.com/errata/RHSA-2012-1211.html
https://bugs.mageia.org/show_bug.cgi?id=7210