MGASA-2013-0109

Date: April 4th, 2013
Affected releases: 2
Media: Core


Description:
Updated thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird (CVE-2013-0788).

A flaw was found in the way Same Origin Wrappers were implemented in
Thunderbird. Malicious content could use this flaw to bypass the
same-origin policy and execute arbitrary code with the privileges of the
user running Thunderbird (CVE-2013-0795).

A flaw was found in the embedded WebGL library in Thunderbird. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. Note: This issue
only affected systems using the Intel Mesa graphics drivers
(CVE-2013-0796).

An out-of-bounds write flaw was found in the embedded Cairo library in
Thunderbird. Malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird (CVE-2013-0800).

A flaw was found in the way Thunderbird handled the JavaScript history
functions. Malicious content could cause a page to be displayed that
has a baseURI pointing to a different site, allowing cross-site scripting
(XSS) and phishing attacks (CVE-2013-0793).


Updated Packages:
i586:
nsinstall-17.0.5-1.mga2.i586.rpm
thunderbird-17.0.5-1.mga2.i586.rpm
thunderbird-enigmail-17.0.5-1.mga2.i586.rpm
thunderbird-debug-17.0.5-1.mga2.i586.rpm
thunderbird-ar-17.0.5-1.mga2.noarch.rpm
thunderbird-ast-17.0.5-1.mga2.noarch.rpm
thunderbird-be-17.0.5-1.mga2.noarch.rpm
thunderbird-bg-17.0.5-1.mga2.noarch.rpm
thunderbird-bn_BD-17.0.5-1.mga2.noarch.rpm
thunderbird-br-17.0.5-1.mga2.noarch.rpm
thunderbird-ca-17.0.5-1.mga2.noarch.rpm
thunderbird-cs-17.0.5-1.mga2.noarch.rpm
thunderbird-da-17.0.5-1.mga2.noarch.rpm
thunderbird-de-17.0.5-1.mga2.noarch.rpm
thunderbird-el-17.0.5-1.mga2.noarch.rpm
thunderbird-en_GB-17.0.5-1.mga2.noarch.rpm
thunderbird-es_AR-17.0.5-1.mga2.noarch.rpm
thunderbird-es_ES-17.0.5-1.mga2.noarch.rpm
thunderbird-et-17.0.5-1.mga2.noarch.rpm
thunderbird-eu-17.0.5-1.mga2.noarch.rpm
thunderbird-fi-17.0.5-1.mga2.noarch.rpm
thunderbird-fr-17.0.5-1.mga2.noarch.rpm
thunderbird-fy-17.0.5-1.mga2.noarch.rpm
thunderbird-ga-17.0.5-1.mga2.noarch.rpm
thunderbird-gd-17.0.5-1.mga2.noarch.rpm
thunderbird-gl-17.0.5-1.mga2.noarch.rpm
thunderbird-he-17.0.5-1.mga2.noarch.rpm
thunderbird-hu-17.0.5-1.mga2.noarch.rpm
thunderbird-id-17.0.5-1.mga2.noarch.rpm
thunderbird-is-17.0.5-1.mga2.noarch.rpm
thunderbird-it-17.0.5-1.mga2.noarch.rpm
thunderbird-ja-17.0.5-1.mga2.noarch.rpm
thunderbird-ko-17.0.5-1.mga2.noarch.rpm
thunderbird-lt-17.0.5-1.mga2.noarch.rpm
thunderbird-nb_NO-17.0.5-1.mga2.noarch.rpm
thunderbird-nl-17.0.5-1.mga2.noarch.rpm
thunderbird-nn_NO-17.0.5-1.mga2.noarch.rpm
thunderbird-pa_IN-17.0.5-1.mga2.noarch.rpm
thunderbird-pl-17.0.5-1.mga2.noarch.rpm
thunderbird-pt_BR-17.0.5-1.mga2.noarch.rpm
thunderbird-pt_PT-17.0.5-1.mga2.noarch.rpm
thunderbird-ro-17.0.5-1.mga2.noarch.rpm
thunderbird-ru-17.0.5-1.mga2.noarch.rpm
thunderbird-si-17.0.5-1.mga2.noarch.rpm
thunderbird-sk-17.0.5-1.mga2.noarch.rpm
thunderbird-sl-17.0.5-1.mga2.noarch.rpm
thunderbird-sq-17.0.5-1.mga2.noarch.rpm
thunderbird-sv_SE-17.0.5-1.mga2.noarch.rpm
thunderbird-ta_LK-17.0.5-1.mga2.noarch.rpm
thunderbird-tr-17.0.5-1.mga2.noarch.rpm
thunderbird-uk-17.0.5-1.mga2.noarch.rpm
thunderbird-vi-17.0.5-1.mga2.noarch.rpm
thunderbird-zh_CN-17.0.5-1.mga2.noarch.rpm
thunderbird-zh_TW-17.0.5-1.mga2.noarch.rpm

x86_64:
nsinstall-17.0.5-1.mga2.x86_64.rpm
thunderbird-17.0.5-1.mga2.x86_64.rpm
thunderbird-enigmail-17.0.5-1.mga2.x86_64.rpm
thunderbird-debug-17.0.5-1.mga2.x86_64.rpm
thunderbird-ar-17.0.5-1.mga2.noarch.rpm
thunderbird-ast-17.0.5-1.mga2.noarch.rpm
thunderbird-be-17.0.5-1.mga2.noarch.rpm
thunderbird-bg-17.0.5-1.mga2.noarch.rpm
thunderbird-bn_BD-17.0.5-1.mga2.noarch.rpm
thunderbird-br-17.0.5-1.mga2.noarch.rpm
thunderbird-ca-17.0.5-1.mga2.noarch.rpm
thunderbird-cs-17.0.5-1.mga2.noarch.rpm
thunderbird-da-17.0.5-1.mga2.noarch.rpm
thunderbird-de-17.0.5-1.mga2.noarch.rpm
thunderbird-el-17.0.5-1.mga2.noarch.rpm
thunderbird-en_GB-17.0.5-1.mga2.noarch.rpm
thunderbird-es_AR-17.0.5-1.mga2.noarch.rpm
thunderbird-es_ES-17.0.5-1.mga2.noarch.rpm
thunderbird-et-17.0.5-1.mga2.noarch.rpm
thunderbird-eu-17.0.5-1.mga2.noarch.rpm
thunderbird-fi-17.0.5-1.mga2.noarch.rpm
thunderbird-fr-17.0.5-1.mga2.noarch.rpm
thunderbird-fy-17.0.5-1.mga2.noarch.rpm
thunderbird-ga-17.0.5-1.mga2.noarch.rpm
thunderbird-gd-17.0.5-1.mga2.noarch.rpm
thunderbird-gl-17.0.5-1.mga2.noarch.rpm
thunderbird-he-17.0.5-1.mga2.noarch.rpm
thunderbird-hu-17.0.5-1.mga2.noarch.rpm
thunderbird-id-17.0.5-1.mga2.noarch.rpm
thunderbird-is-17.0.5-1.mga2.noarch.rpm
thunderbird-it-17.0.5-1.mga2.noarch.rpm
thunderbird-ja-17.0.5-1.mga2.noarch.rpm
thunderbird-ko-17.0.5-1.mga2.noarch.rpm
thunderbird-lt-17.0.5-1.mga2.noarch.rpm
thunderbird-nb_NO-17.0.5-1.mga2.noarch.rpm
thunderbird-nl-17.0.5-1.mga2.noarch.rpm
thunderbird-nn_NO-17.0.5-1.mga2.noarch.rpm
thunderbird-pa_IN-17.0.5-1.mga2.noarch.rpm
thunderbird-pl-17.0.5-1.mga2.noarch.rpm
thunderbird-pt_BR-17.0.5-1.mga2.noarch.rpm
thunderbird-pt_PT-17.0.5-1.mga2.noarch.rpm
thunderbird-ro-17.0.5-1.mga2.noarch.rpm
thunderbird-ru-17.0.5-1.mga2.noarch.rpm
thunderbird-si-17.0.5-1.mga2.noarch.rpm
thunderbird-sk-17.0.5-1.mga2.noarch.rpm
thunderbird-sl-17.0.5-1.mga2.noarch.rpm
thunderbird-sq-17.0.5-1.mga2.noarch.rpm
thunderbird-sv_SE-17.0.5-1.mga2.noarch.rpm
thunderbird-ta_LK-17.0.5-1.mga2.noarch.rpm
thunderbird-tr-17.0.5-1.mga2.noarch.rpm
thunderbird-uk-17.0.5-1.mga2.noarch.rpm
thunderbird-vi-17.0.5-1.mga2.noarch.rpm
thunderbird-zh_CN-17.0.5-1.mga2.noarch.rpm
thunderbird-zh_TW-17.0.5-1.mga2.noarch.rpm

SRPMS:
thunderbird-17.0.5-1.mga2.src.rpm
thunderbird-l10n-17.0.5-1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800
http://www.mozilla.org/security/announce/2013/mfsa2013-30.html
http://www.mozilla.org/security/announce/2013/mfsa2013-31.html
http://www.mozilla.org/security/announce/2013/mfsa2013-35.html
http://www.mozilla.org/security/announce/2013/mfsa2013-36.html
http://www.mozilla.org/security/announce/2013/mfsa2013-38.html
http://www.mozilla.org/security/known-vulnerabilities/thunderbirdESR.html
https://rhn.redhat.com/errata/RHSA-2013-0697.html
https://bugs.mageia.org/show_bug.cgi?id=9599