Advisories:rPSA-2006-0138
From rPath Wiki
rPath Security Advisory 2006-0138-1
Published: 2006-07-27
Products
- rPath Linux 1
Rating
- Minor
Exposure Level Classification
- User Deterministic Vulnerability
Updated Versions
- thunderbird=conary.rpath.com@rpl:1/1.5.0.5-1-0.1
rPath Issue Tracking System
References
- CVE-2006-3113
- CVE-2006-3801
- CVE-2006-3802
- CVE-2006-3803
- CVE-2006-3804
- CVE-2006-3805
- CVE-2006-3806
- CVE-2006-3807
- CVE-2006-3808
- CVE-2006-3809
- CVE-2006-3810
- CVE-2006-3811
- http://www.mozilla.org/security/announce/2006/mfsa2006-44.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-47.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-49.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
Description
- Previous versions of the thunderbird package have multiple
- vulnerabilities that are resolved in this version. Most of
- the vulnerabilities are applicable only if Javascript has been
- enabled for email; the Mozilla Foundation strongly recommends
- that Javascript always be disabled for email and thunderbird
- disables Javascript by default. One of the vulnerabilities
- can cause thunderbird to crash when reading a malformed vCard.
- The Mozilla Foundation has indicated that it is unlikely that
- this issue (MFSA-2006-49, CVE-2006-3804) can be used to enable
- unauthenticated remote access, but warns that similar classes
- of vulnerabilities have been exploited to enable unauthenticated
- remote access in the past.
Copyright 2006 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html