From Mageia wiki
Jump to: navigation, search

MGASA-2012-0289

Date: October 11th, 2012
Affected releases: 1, 2


Description:
Updated mozilla thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the user
running Firefox (CVE-2012-3982, CVE-2012-3988, CVE-2012-3990,
CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181,
CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,
CVE-2012-4187, CVE-2012-4188).

Two flaws in Thunderbird could allow a malicious website to bypass
intended restrictions, possibly leading to information disclosure, or
Thunderbird executing arbitrary code. Note that the information
disclosure issue could possibly be combined with other flaws to achieve
arbitrary code execution (CVE-2012-3986, CVE-2012-3991).

Multiple flaws were found in the location object implementation in
Thunderbird. Malicious content could be used to perform cross-site
scripting attacks, script injection, or spoofing attacks (CVE-2012-1956,
CVE-2012-3992, CVE-2012-3994).

Two flaws were found in the way Chrome Object Wrappers were implemented.
Malicious content could be used to perform cross-site scripting attacks
or cause Thunderbird to execute arbitrary code (CVE-2012-3993,
CVE-2012-4184).


Updated Packages:
Mageia 1:
mozilla-thunderbird-10.0.8-1.mga1
mozilla-thunderbird-enigmail-10.0.8-1.mga1
mozilla-thunderbird-enigmail-ar-10.0.8-1.mga1
mozilla-thunderbird-enigmail-ca-10.0.8-1.mga1
mozilla-thunderbird-enigmail-cs-10.0.8-1.mga1
mozilla-thunderbird-enigmail-de-10.0.8-1.mga1
mozilla-thunderbird-enigmail-el-10.0.8-1.mga1
mozilla-thunderbird-enigmail-es-10.0.8-1.mga1
mozilla-thunderbird-enigmail-fi-10.0.8-1.mga1
mozilla-thunderbird-enigmail-fr-10.0.8-1.mga1
mozilla-thunderbird-enigmail-it-10.0.8-1.mga1
mozilla-thunderbird-enigmail-ja-10.0.8-1.mga1
mozilla-thunderbird-enigmail-ko-10.0.8-1.mga1
mozilla-thunderbird-enigmail-nb-10.0.8-1.mga1
mozilla-thunderbird-enigmail-nl-10.0.8-1.mga1
mozilla-thunderbird-enigmail-pl-10.0.8-1.mga1
mozilla-thunderbird-enigmail-pt-10.0.8-1.mga1
mozilla-thunderbird-enigmail-pt_BR-10.0.8-1.mga1
mozilla-thunderbird-enigmail-ru-10.0.8-1.mga1
mozilla-thunderbird-enigmail-sl-10.0.8-1.mga1
mozilla-thunderbird-enigmail-sv-10.0.8-1.mga1
mozilla-thunderbird-enigmail-tr-10.0.8-1.mga1
mozilla-thunderbird-enigmail-vi-10.0.8-1.mga1
mozilla-thunderbird-enigmail-zh_CN-10.0.8-1.mga1
mozilla-thunderbird-enigmail-zh_TW-10.0.8-1.mga1
mozilla-thunderbird-ar-10.0.8-1.mga1
mozilla-thunderbird-be-10.0.8-1.mga1
mozilla-thunderbird-bg-10.0.8-1.mga1
mozilla-thunderbird-bn_BD-10.0.8-1.mga1
mozilla-thunderbird-br-10.0.8-1.mga1
mozilla-thunderbird-ca-10.0.8-1.mga1
mozilla-thunderbird-cs-10.0.8-1.mga1
mozilla-thunderbird-da-10.0.8-1.mga1
mozilla-thunderbird-de-10.0.8-1.mga1
mozilla-thunderbird-el-10.0.8-1.mga1
mozilla-thunderbird-en_GB-10.0.8-1.mga1
mozilla-thunderbird-es_AR-10.0.8-1.mga1
mozilla-thunderbird-es_ES-10.0.8-1.mga1
mozilla-thunderbird-et-10.0.8-1.mga1
mozilla-thunderbird-eu-10.0.8-1.mga1
mozilla-thunderbird-fi-10.0.8-1.mga1
mozilla-thunderbird-fr-10.0.8-1.mga1
mozilla-thunderbird-fy-10.0.8-1.mga1
mozilla-thunderbird-ga-10.0.8-1.mga1
mozilla-thunderbird-gd-10.0.8-1.mga1
mozilla-thunderbird-gl-10.0.8-1.mga1
mozilla-thunderbird-he-10.0.8-1.mga1
mozilla-thunderbird-hu-10.0.8-1.mga1
mozilla-thunderbird-id-10.0.8-1.mga1
mozilla-thunderbird-is-10.0.8-1.mga1
mozilla-thunderbird-it-10.0.8-1.mga1
mozilla-thunderbird-ja-10.0.8-1.mga1
mozilla-thunderbird-ko-10.0.8-1.mga1
mozilla-thunderbird-lt-10.0.8-1.mga1
mozilla-thunderbird-nb_NO-10.0.8-1.mga1
mozilla-thunderbird-nl-10.0.8-1.mga1
mozilla-thunderbird-nn_NO-10.0.8-1.mga1
mozilla-thunderbird-pl-10.0.8-1.mga1
mozilla-thunderbird-pt_BR-10.0.8-1.mga1
mozilla-thunderbird-pt_PT-10.0.8-1.mga1
mozilla-thunderbird-ro-10.0.8-1.mga1
mozilla-thunderbird-ru-10.0.8-1.mga1
mozilla-thunderbird-si-10.0.8-1.mga1
mozilla-thunderbird-sk-10.0.8-1.mga1
mozilla-thunderbird-sl-10.0.8-1.mga1
mozilla-thunderbird-sq-10.0.8-1.mga1
mozilla-thunderbird-sv_SE-10.0.8-1.mga1
mozilla-thunderbird-ta_LK-10.0.8-1.mga1
mozilla-thunderbird-tr-10.0.8-1.mga1
mozilla-thunderbird-uk-10.0.8-1.mga1
mozilla-thunderbird-vi-10.0.8-1.mga1
mozilla-thunderbird-zh_CN-10.0.8-1.mga1
mozilla-thunderbird-zh_TW-10.0.8-1.mga1
nsinstall-10.0.8-1.mga1

Mageia 2:
thunderbird-10.0.8-1.mga2
thunderbird-enigmail-10.0.8-1.mga2
thunderbird-ar-10.0.8-1.mga2
thunderbird-ast-10.0.8-1.mga2
thunderbird-be-10.0.8-1.mga2
thunderbird-bg-10.0.8-1.mga2
thunderbird-bn_BD-10.0.8-1.mga2
thunderbird-br-10.0.8-1.mga2
thunderbird-ca-10.0.8-1.mga2
thunderbird-cs-10.0.8-1.mga2
thunderbird-da-10.0.8-1.mga2
thunderbird-de-10.0.8-1.mga2
thunderbird-el-10.0.8-1.mga2
thunderbird-en_GB-10.0.8-1.mga2
thunderbird-es_AR-10.0.8-1.mga2
thunderbird-es_ES-10.0.8-1.mga2
thunderbird-et-10.0.8-1.mga2
thunderbird-eu-10.0.8-1.mga2
thunderbird-fi-10.0.8-1.mga2
thunderbird-fr-10.0.8-1.mga2
thunderbird-fy-10.0.8-1.mga2
thunderbird-ga-10.0.8-1.mga2
thunderbird-gd-10.0.8-1.mga2
thunderbird-gl-10.0.8-1.mga2
thunderbird-he-10.0.8-1.mga2
thunderbird-hu-10.0.8-1.mga2
thunderbird-id-10.0.8-1.mga2
thunderbird-is-10.0.8-1.mga2
thunderbird-it-10.0.8-1.mga2
thunderbird-ja-10.0.8-1.mga2
thunderbird-ko-10.0.8-1.mga2
thunderbird-lt-10.0.8-1.mga2
thunderbird-nb_NO-10.0.8-1.mga2
thunderbird-nl-10.0.8-1.mga2
thunderbird-nn_NO-10.0.8-1.mga2
thunderbird-pl-10.0.8-1.mga2
thunderbird-pa_IN-10.0.8-1.mga2
thunderbird-pt_BR-10.0.8-1.mga2
thunderbird-pt_PT-10.0.8-1.mga2
thunderbird-ro-10.0.8-1.mga2
thunderbird-ru-10.0.8-1.mga2
thunderbird-si-10.0.8-1.mga2
thunderbird-sk-10.0.8-1.mga2
thunderbird-sl-10.0.8-1.mga2
thunderbird-sq-10.0.8-1.mga2
thunderbird-sv_SE-10.0.8-1.mga2
thunderbird-ta_LK-10.0.8-1.mga2
thunderbird-tr-10.0.8-1.mga2
thunderbird-uk-10.0.8-1.mga2
thunderbird-vi-10.0.8-1.mga2
thunderbird-zh_CN-10.0.8-1.mga2
thunderbird-zh_TW-10.0.8-1.mga2
nsinstall-10.0.8-1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://www.mozilla.org/security/announce/2012/mfsa2012-59.html
http://www.mozilla.org/security/announce/2012/mfsa2012-74.html
http://www.mozilla.org/security/announce/2012/mfsa2012-77.html
http://www.mozilla.org/security/announce/2012/mfsa2012-79.html
http://www.mozilla.org/security/announce/2012/mfsa2012-81.html
http://www.mozilla.org/security/announce/2012/mfsa2012-82.html
http://www.mozilla.org/security/announce/2012/mfsa2012-83.html
http://www.mozilla.org/security/announce/2012/mfsa2012-84.html
http://www.mozilla.org/security/announce/2012/mfsa2012-85.html
http://www.mozilla.org/security/announce/2012/mfsa2012-86.html
http://www.mozilla.org/security/announce/2012/mfsa2012-87.html
https://rhn.redhat.com/errata/RHSA-2012-1351.html
https://bugs.mageia.org/show_bug.cgi?id=7753

Retrieved from "https://wiki.mageia.org/mw-en/index.php?title=Support/Advisories/MGASA-2012-0289&oldid=11585"