Bug 230542 - CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0981, CVE-2007-1092)
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: thunderbird
Version: 4.0
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Gecko Maintainer
impact=moderate,source=mozilla,report...
Keywords: Security
Reported: 2007-03-01 07:35 EST by Josh Bressers
Modified: 2007-11-30 17:07 EST
Fixed In Version: RHSA-2007-0078
Doc Type: Bug Fix
Last Closed: 2007-03-02 13:28:23 EST
Description Josh Bressers 2007-03-01 07:35:48 EST
+++ This bug was initially created as a clone of Bug #229802 +++

The Mozilla project is releasing Thunderbird 1.5.0.10 to fix several flaws:

mfsa2007-01
impact=moderate,source=mozilla,reported=20070222,public=20070223

    CVE-2007-0775
    Jesse Ruderman, Martijn Wargers and Olli Pettay reported crashes in the
    layout engine

    CVE-2007-0777
    Brian Crowder, Igor Bukanov, Johnny Stenback, moz_bug_r_a4 and shutdown 
    reported potential memory corruption in the JavaScript engine

mfsa2007-02
impact=moderate,source=mozilla,reported=20070222,public=20070223

    CVE-2007-0995
    The Mozilla parser formerly ignored invalid trailing characters in HTML tag 
    attribute names. This could in some cases be abused to evade web sites' 
    content filters that attempted to remove problematic attributes, such as 
    event handlers, by matching against a regular expression that expected to 
    find trailing whitespace or one of a small set of delimiters.

    CVE-2007-0996
    Stefan Esser demonstrated that this could be used for XSS attacks against
    sites that accept user content and do not specify the character set or 
    encoding used.

    CVE-2006-6077
    MySpace users recently suffered a phishing attack where user-created content 
    included a login form that appeared to be a normal MySpace login, but was 
    altered to submit the data to an alternate site. Because the password form 
    appeared on a MySpace page the Firefox password manager filled in the saved 
    password, lending an air of legitimacy to the form.

mfsa2007-03
impact=moderate,source=mozilla,reported=20070222,public=20070223

    CVE-2007-0778
    Aad reported that two web pages can collide in the disk cache with the 
    result that depending on order loaded the end of the longer document can be 
    appended to the shorter when the shorter is reloaded from the cache. It is 
    possible a determined hacker could construct a targeted attack to steal some 
    sensitive data from a particular web page (for example, transaction history 
    from a financial account). The potential victim would have to be already 
    logged into the targeted service (or be fooled into doing so) and then 
    visit the malicious site.

mfsa2007-04
impact=moderate,source=mozilla,reported=20070222,public=20070223

    CVE-2007-0779
    David Eckel reported that browser UI elements--such as the host name and 
    security indicators--could be spoofed by using a large, mostly transparent, 
    custom cursor and adjusting the CSS3 hotspot property so that the visible 
    part of the cursor floated outside the browser content area.

mfsa2007-05
impact=moderate,source=mozilla,reported=20070222,public=20070223

    CVE-2007-0780
    shutdown reported that if you could convince a user to open a blocked popup 
    you could perform a cross-site scripting attack against any site that 
    contains a frame whose source is a data: URL.

    CVE-2007-0800
    Michal Zalewski reported that although pages loaded from the web normally 
    cannot open windows containing local files, if you could convince a user to 
    open a blocked popup then this restriction could be bypassed.

mfsa2007-06
impact=moderate,source=mozilla,reported=20070222,public=20070223

    CVE-2007-0008 CVE-2007-0009
    iDefense has informed Mozilla about two potential buffer overflow 
    vulnerabilities found by researcher regenrecht in the Network Security 
    Services (NSS) code for processing the SSLv2 protocol.

mfsa2007-07
impact=moderate,source=mozilla,reported=20070222,public=20070223

    CVE-2007-0981
    Michal Zalewski demonstrated that setting location.hostname to a value with 
    embedded null characters can confuse the browser's domain checks. Setting the 
    value triggers a load, but the networking software reads the hostname only 
    up to the null character while other checks for "parent domain" start at the 
    right and so can have a completely different idea of what the current host 
    is.
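
The CVE-2007-0981 entry above describes two components reading the same hostname differently. The following is an added example, not part of the original report or of Mozilla's code: it models that disagreement and a check that validates the hostname once and uses a single canonical string for both decisions. All function names and sample hosts are constructed for illustration.

```javascript
// Added illustration; function names and sample hosts are constructed.

// What a C-string based network layer sees: the text before the first NUL.
function networkView(hostname) {
  const nul = hostname.indexOf("\0");
  return nul === -1 ? hostname : hostname.slice(0, nul);
}

// Right-anchored "parent domain" test that only accepts whole-label suffixes.
function isSameOrSubdomain(hostname, parent) {
  const h = hostname.toLowerCase();
  const p = parent.toLowerCase();
  return h === p || h.endsWith("." + p);
}

// Shows the two views side by side for one input string.
function disagreement(hostname, parent) {
  return {
    connectsTo: networkView(hostname),
    passesSuffixCheck: isSameOrSubdomain(hostname, parent),
  };
}

// Hardened path: accept only well-formed DNS labels (letters, digits, hyphen),
// which rejects NUL and every other control character before any comparison.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

function canonicalHost(hostname) {
  if (typeof hostname !== "string") return null;
  if (hostname.length === 0 || hostname.length > 253) return null;
  const lower = hostname.toLowerCase();
  return lower.split(".").every((label) => LABEL.test(label)) ? lower : null;
}

// Both the domain decision and the connection target use the same validated string.
function checkHost(hostname, parent) {
  const host = canonicalHost(hostname);
  if (host === null) return { allowed: false, host: null };
  return { allowed: isSameOrSubdomain(host, parent), host };
}

// Constructed sample: reserved .test and .example names with an embedded NUL.
const SAMPLE_HOST = "other.test\0.site.example";
```

Calling `disagreement(SAMPLE_HOST, "site.example")` shows the suffix check passing while the network view is a different host; `checkHost` rejects the same input outright.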
Comment 2 Josh Bressers 2007-03-02 11:17:41 EST
mfsa2007-08
impact=moderate,source=bugtraq,reported=20070223,public=20070223

    CVE-2007-1092
    Michal Zalewski reported a memory corruption vulnerability in Firefox 2.0.0.1 
    involving mixing the onUnload event handler and self-modifying 
    document.write() calls.
Comment 3 Red Hat Bugzilla 2007-03-02 13:28:23 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0078.html
