Red Hat Bugzilla – Bug 183550
CVE-2006-0749 Thunderbird Tag Order Vulnerability
Last modified: 2008-08-02 19:40:36 EDT
+++ This bug was initially created as a clone of Bug #183537 +++
There exists a remotely exploitable code execution vulnerability in Thunderbird
related to the order tags appear in an HTML document. It is possible
for a malicious web page to execute arbitrary code as the user running Thunderbird.
-- Additional comment from firstname.lastname@example.org on 2006-03-01 16:01 EST --
Created an attachment (id=125496)
Proposed upstream patch
This patch should apply to aviary 1.0.7 and mozilla 1.7.12
Since this bugzilla report was filed, we have seriously upgraded Gecko-related
packages, which may have resolved this issue. Users who have experienced this
problem are encouraged to upgrade their system to the latest version of their
Please, confirm to us that this bug is reproducible on the latest upgrade of the
supported distribution (that's RHEL, or Fedora 7, 8, and Rawhide).
Setting the bug to NEEDINFO. If I won't get confirmation of reproducability in
30 days, the bug will be closed as INSUFFICIENT_DATA.
[This is mass-changing of bugs which seem to be too old and irrelevant anymore;
we are sorry, if this bug should not be incldued.]
Updates pushed as:
Red Hat Enterprise Linux: