Bug 183550 - CVE-2006-0749 Thunderbird Tag Order Vulnerability
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: thunderbird
Version: 4.0
Hardware/OS: All Linux
Priority: medium  Severity: urgent
Assigned To: Christopher Aillon
source=mozilla,reported=20051213,publ...
: Security
Reported: 2006-03-01 16:43 EST by Josh Bressers
Modified: 2008-08-02 19:40 EDT (History)
Doc Type: Bug Fix
Last Closed: 2008-02-11 04:22:52 EST
Description Josh Bressers 2006-03-01 16:43:02 EST
+++ This bug was initially created as a clone of Bug #183537 +++

There exists a remotely exploitable code execution vulnerability in Thunderbird
related to the order in which tags appear in an HTML document. It is possible
for a malicious web page to execute arbitrary code as the user running Thunderbird.


-- Additional comment from bressers@redhat.com on 2006-03-01 16:01 EST --
Created an attachment (id=125496)
Proposed upstream patch

This patch should apply to aviary 1.0.7 and mozilla 1.7.12
Comment 1 Josh Bressers 2006-04-24 08:31:27 EDT
Lifting embargo
Comment 2 Matěj Cepl 2008-02-08 15:43:07 EST
Since this bugzilla report was filed, we have seriously upgraded Gecko-related
packages, which may have resolved this issue. Users who have experienced this
problem are encouraged to upgrade their system to the latest version of their
distribution available.

Please, confirm to us that this bug is reproducible on the latest upgrade of the
supported distribution (that's RHEL, or Fedora 7, 8, and Rawhide).

Setting the bug to NEEDINFO. If I don't get confirmation of reproducibility in
30 days, the bug will be closed as INSUFFICIENT_DATA.

[This is a mass change of bugs which seem to be too old and no longer relevant;
we are sorry if this bug should not have been included.]
Comment 3 Tomas Hoger 2008-02-11 04:22:52 EST
Updates pushed as:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2006-0328.html (firefox)
  http://rhn.redhat.com/errata/RHSA-2006-0329.html (mozilla)
  http://rhn.redhat.com/errata/RHSA-2006-0330.html (thunderbird)
