Bug 145604
Summary: | CAN-2004-1316 multiple thunderbird issues (CAN-2005-0142 CAN-2005-0146 CAN-2005-0149) | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Josh Bressers <bressers> |
Component: | thunderbird | Assignee: | Christopher Aillon <caillon> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | CC: | security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | impact=important,public=20050120 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-04-28 20:26:59 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Josh Bressers
2005-01-20 01:36:55 UTC
=================================== Mozilla Security Advisory MSA05-006 =================================== Title: Heap overrun handling malicious news: URL Severity: High Reporter: Maurycy Prodeus (iSEC Security Research) Fixed in: Thunderbird 0.9 Mozilla Suite 1.7.5 Description ----------- Maurycy Prodeus of iSEC Security Research reports a heap overrun in processing certain news: URLs. Thunderbird and the Mozilla Suite are affected; Firefox does not support the news: scheme. Workaround ---------- Upgrade to fixed version. References ---------- http://isec.pl/vulnerabilities/isec-0020-mozilla.txt https://bugzilla.mozilla.org/show_bug.cgi?id=264388 The issue described in comment #1 is CAN-2004-1316 =================================== Mozilla Security Advisory MSA05-008 =================================== Title: Synthetic middle-click event can steal clipboard contents Severity: Moderate Reporter: Jesse Ruderman Fixed in: Firebird 1.0 Mozilla Suite 1.7.5 Description ----------- Script-generated middle-click events can steal clipboard contents on systems where that action is a paste. Middle-click paste is the default behavior on Unix systems, and a hidden option elsewhere. Workaround ---------- Disable javascript or upgrade to fixed version. References ---------- https://bugzilla.mozilla.org/show_bug.cgi?id=265728 Fixed in fc3 updates already. |