Rapid7 Vulnerability & Exploit Database

RHSA-2010:0154: thunderbird security update

Severity: 10
CVSS v2 vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 09/10/2009
Created: 07/25/2018
Added: 03/24/2010
Modified: 07/04/2017

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159)

A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077)

A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689)

A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571)

A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274)

A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376)

A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially-crafted reply that would cause Thunderbird to crash. (CVE-2009-2470)

Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
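The predictable-file-name flaw (CVE-2009-3274) is a general class, not specific to Thunderbird: any program that writes a download to a name a local attacker can guess, using a plain create-or-truncate open, will reuse or follow whatever the attacker has already planted at that path. The following is an added example written for this page (it is not Red Hat's or Mozilla's code and does not reproduce the Thunderbird bug); it shows the vulnerable open beside an exclusive-create open, exercised against a pre-planted symlink. It assumes a POSIX filesystem with O_EXCL and symlink semantics; the file names and the `demo` scenario are constructed.

```python
# Added example, not part of the Red Hat advisory or the Rapid7 page:
# the predictable-name download pattern the advisory describes, next to an
# exclusive-create version, exercised against a pre-planted symlink.
# Assumes a POSIX filesystem (O_EXCL semantics, symlinks).
import os
import shutil
import tempfile


def save_predictable(directory: str, name: str, content: bytes) -> str:
    """Vulnerable pattern: the target name is known in advance and opened with
    plain O_CREAT|O_TRUNC, so whatever a local attacker has already placed at
    that path (a file they own, or a symlink) is silently reused or followed."""
    path = os.path.join(directory, name)
    with open(path, "wb") as f:
        f.write(content)
    return path


def save_exclusive(directory: str, name: str, content: bytes) -> str:
    """Hardened pattern: O_CREAT|O_EXCL fails with EEXIST if anything already
    exists at the path, including a symlink, so a planted entry cannot be
    reused. O_NOFOLLOW is added where the platform has it (assumption)."""
    path = os.path.join(directory, name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # owner-only mode from the first instant
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return path


def demo() -> dict:
    """Constructed scenario: a local attacker has guessed the download name
    'attachment.pdf' and planted a symlink there pointing at a file they own.
    Returns what each save strategy did."""
    root = tempfile.mkdtemp()
    try:
        attacker_file = os.path.join(root, "attacker_owned")
        open(attacker_file, "wb").close()
        os.symlink(attacker_file, os.path.join(root, "attachment.pdf"))
        result = {}

        # 1. Predictable name: the write follows the symlink into the attacker's
        #    file, which they can rewrite at will before the user opens it.
        save_predictable(root, "attachment.pdf", b"mail attachment bytes")
        with open(attacker_file, "rb") as f:
            result["predictable_wrote_into_attacker_file"] = f.read() == b"mail attachment bytes"

        # 2. Same name, exclusive create: refused because the path exists.
        try:
            save_exclusive(root, "attachment.pdf", b"mail attachment bytes")
            result["exclusive_refused_planted_path"] = False
        except FileExistsError:
            result["exclusive_refused_planted_path"] = True

        # 3. Unpredictable name plus exclusive create (mkstemp does both):
        #    the attacker cannot pre-plant a name they cannot guess.
        fd, path = tempfile.mkstemp(prefix="attachment-", suffix=".pdf", dir=root)
        with os.fdopen(fd, "wb") as f:
            f.write(b"mail attachment bytes")
        result["random_name_not_guessable"] = os.path.basename(path) != "attachment.pdf"
        return result
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

The two fixes are complementary: exclusive creation stops a planted path from being reused, and an unguessable name stops the attacker from planting it in the first place. Either alone leaves a window (a guessable name can still be raced after creation if the directory is world-writable, so a private per-user download directory is the third ingredient).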
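The right-to-left override issue (CVE-2009-3376) is easiest to understand by seeing what U+202E does to a file name: everything after the override character is drawn right to left, so a name that really ends in `.exe` can be drawn as ending in `.pdf`. The check below is an added example for this page, not code from Mozilla or Red Hat: it flags bidi control characters in a proposed file name, approximates how a naive renderer would display it, and recovers the extension the operating system will actually use. The sample name is constructed; the list of control characters is the standard Unicode bidi set.

```python
# Added example, not part of the Red Hat advisory or the Rapid7 page:
# how a Unicode bidi override in a file name hides the real extension, and
# the check a download dialog should run before it shows a name to the user.
import unicodedata

# Unicode bidi control characters that can reorder or hide parts of a
# displayed name. U+202E (RIGHT-TO-LEFT OVERRIDE) is the one the advisory
# describes; the others are its siblings and are worth flagging too.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # embeddings / overrides
    "\u2066", "\u2067", "\u2068", "\u2069",            # isolates
    "\u200e", "\u200f", "\u061c",                      # directional marks
}


def find_bidi_controls(name: str) -> list[tuple[int, str]]:
    """Return (index, Unicode name) for every bidi control character in `name`."""
    return [(i, unicodedata.name(ch, "UNKNOWN"))
            for i, ch in enumerate(name) if ch in BIDI_CONTROLS]


def displayed_name(name: str) -> str:
    """Approximate what a naive renderer shows after a single U+202E: the
    text before it is unchanged, the text after it is drawn reversed."""
    head, sep, tail = name.partition("\u202e")
    if not sep:
        return name
    return head + tail[::-1]


def real_extension(name: str) -> str:
    """The extension the OS will actually use: text after the last dot, with
    bidi controls stripped so an override cannot disguise it."""
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return clean.rsplit(".", 1)[1].lower() if "." in clean else ""


def is_suspicious(name: str) -> bool:
    """A download dialog should refuse or visibly warn on any such name."""
    return bool(find_bidi_controls(name))


# Constructed sample: 'invoice' + U+202E + 'fdp.exe'. Rendered, the tail
# reads 'exe.pdf', so the user sees 'invoiceexe.pdf' while the file is .exe.
SAMPLE = "invoice\u202efdp.exe"
```

A robust dialog does not try to render the name faithfully; it strips or escapes the controls (for example showing `U+202E` literally) and states the extension it computed, so the title bar and the dialog body can never disagree as they did in the flawed versions.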
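The SOCKS5 reply flaw (CVE-2009-2470) is a reminder that a proxy is an untrusted peer: the reply carries an address-type byte and, for domain-name replies, a length byte, and a client that trusts those fields can read past what it has actually received. The following bounds-checked parser is an added example written for this page, not Mozilla's or Red Hat's code and not a reproduction of the specific Thunderbird bug; it implements the reply layout from RFC 1928 section 6 (VER, REP, RSV, ATYP, BND.ADDR, BND.PORT) and refuses every malformed shape with a clean error instead of an over-read. The sample replies are constructed, not captured traffic.

```python
# Added example, not part of the Red Hat advisory or the Rapid7 page:
# a bounds-checked parser for a SOCKS5 reply (RFC 1928, section 6).
# A client that trusts the proxy's ATYP/length fields can read past its
# buffer; this parser validates every length before it uses it.
import ipaddress
import struct

REP_TEXT = {
    0x00: "succeeded", 0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset", 0x03: "network unreachable",
    0x04: "host unreachable", 0x05: "connection refused", 0x06: "TTL expired",
    0x07: "command not supported", 0x08: "address type not supported",
}


class Socks5ReplyError(ValueError):
    """Raised for any reply the client must not act on."""


def need_bytes(data: bytes, upto: int, what: str) -> None:
    """Refuse to read beyond what was actually received."""
    if len(data) < upto:
        raise Socks5ReplyError(f"truncated reply: {what} needs {upto} bytes, have {len(data)}")


def parse_socks5_reply(data: bytes) -> dict:
    """Parse one reply from the start of `data`. Returns the fields plus
    `consumed`, the number of bytes the reply occupied; bytes after that are
    relayed payload on the same connection and are deliberately not rejected."""
    need_bytes(data, 4, "fixed header")
    ver, rep, rsv, atyp = data[0], data[1], data[2], data[3]
    if ver != 0x05:
        raise Socks5ReplyError(f"bad version {ver:#x}")
    if rsv != 0x00:
        raise Socks5ReplyError("RSV must be 0x00")
    pos = 4
    if atyp == 0x01:                               # IPv4: fixed 4 bytes
        end = pos + 4
        need_bytes(data, end, "IPv4 address")
        addr = str(ipaddress.IPv4Address(data[pos:end]))
    elif atyp == 0x03:                             # domain: 1-byte length prefix
        need_bytes(data, pos + 1, "domain length")
        length = data[pos]
        pos += 1
        if length == 0:
            raise Socks5ReplyError("empty domain name")
        end = pos + length                         # proxy-controlled length:
        need_bytes(data, end, "domain name")       # checked, never trusted
        try:
            addr = data[pos:end].decode("ascii")
        except UnicodeDecodeError as e:
            raise Socks5ReplyError("non-ASCII domain name") from e
    elif atyp == 0x04:                             # IPv6: fixed 16 bytes
        end = pos + 16
        need_bytes(data, end, "IPv6 address")
        addr = str(ipaddress.IPv6Address(data[pos:end]))
    else:
        raise Socks5ReplyError(f"unknown ATYP {atyp:#x}")
    need_bytes(data, end + 2, "port")
    (port,) = struct.unpack("!H", data[end:end + 2])
    return {"rep": rep, "status": REP_TEXT.get(rep, "unassigned"),
            "atyp": atyp, "addr": addr, "port": port, "consumed": end + 2}


def rejects(data: bytes) -> bool:
    """True if the parser refuses `data` (helper for the samples below)."""
    try:
        parse_socks5_reply(data)
        return False
    except Socks5ReplyError:
        return True


# Constructed sample replies (not captured traffic):
OK_IPV4 = bytes([0x05, 0x00, 0x00, 0x01, 192, 0, 2, 10, 0x1F, 0x90])   # 192.0.2.10:8080
OK_DOMAIN = bytes([0x05, 0x00, 0x00, 0x03, 11]) + b"example.org" + bytes([0x00, 0x50])
LYING_LENGTH = bytes([0x05, 0x00, 0x00, 0x03, 200]) + b"example.org" + bytes([0x00, 0x50])
BAD_ATYP = bytes([0x05, 0x00, 0x00, 0x09, 0x00, 0x00])
TOO_SHORT = bytes([0x05, 0x00])
```

When reading from a socket, call the parser on the bytes received so far and retry after the next `recv` only while the error is a truncation; any other error should close the connection, because the proxy is then sending something the protocol does not allow.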
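The closing instruction, that every running instance must be restarted, is the step most often skipped after a package update. On Linux the kernel gives a direct way to check it: a process still running pre-update code keeps the old, now-unlinked executable and libraries mapped, and `/proc/<pid>/maps` marks those mappings `(deleted)`. The check below is an added example for this page (not from Red Hat, Mozilla or Rapid7); it parses maps output for executable file mappings whose backing file is gone, and scans all readable processes. The sample maps text is constructed to look like a Thunderbird process that outlived its update; the set of ignored path prefixes for legitimate deleted mappings (shared memory, memfd) is an assumption to tune per system.

```python
# Added example, not part of the Red Hat advisory or the Rapid7 page:
# a check for the "must be restarted" step. On Linux, a process still
# running pre-update code keeps the unlinked old files mapped, and
# /proc/<pid>/maps marks them "(deleted)". SAMPLE_MAPS is constructed.
import os

# Deleted mappings under these prefixes are normal (shm, memfd, tmp) and are
# not evidence of stale code; the list is an assumption to tune per system.
IGNORED_PREFIXES = ("/dev/", "/memfd:", "/run/", "/tmp/", "/SYSV")


def stale_code_mappings(maps_text: str) -> list[str]:
    """Return unique paths of executable file mappings whose backing file
    has been deleted or replaced, i.e. the process is still running old code."""
    stale = []
    for line in maps_text.splitlines():
        # address perms offset dev inode pathname   (pathname may be absent)
        fields = line.split(maxsplit=5)
        if len(fields) < 6:
            continue                                   # anonymous mapping
        perms, path = fields[1], fields[5]
        if "x" not in perms or not path.endswith(" (deleted)"):
            continue                                   # data mapping or still present
        path = path[: -len(" (deleted)")]
        if not path.startswith("/") or path.startswith(IGNORED_PREFIXES):
            continue
        if path not in stale:
            stale.append(path)
    return stale


def processes_needing_restart(proc_root: str = "/proc") -> dict[int, list[str]]:
    """Scan every process whose maps file is readable (root sees all;
    an unprivileged user sees only their own). Returns pid -> stale paths."""
    out = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as f:
                stale = stale_code_mappings(f.read())
        except OSError:
            continue                                   # process exited or not ours
        if stale:
            out[int(entry)] = stale
    return out


# Constructed sample: a Thunderbird process whose binary and libxul were
# replaced by the package update while it kept running.
SAMPLE_MAPS = """\
55d0f2a00000-55d0f2a1c000 r-xp 00000000 08:01 131215 /usr/lib64/thunderbird/thunderbird-bin (deleted)
7f3b1c000000-7f3b1e200000 r-xp 00000000 08:01 131220 /usr/lib64/thunderbird/libxul.so (deleted)
7f3b1e200000-7f3b1e400000 rw-p 02200000 08:01 131220 /usr/lib64/thunderbird/libxul.so (deleted)
7f3b20000000-7f3b20021000 rw-p 00000000 00:00 0
7f3b20021000-7f3b20022000 rw-s 00000000 00:05 4711 /dev/shm/org.mozilla.ipc.1234 (deleted)
7f3b20100000-7f3b20120000 r-xp 00000000 08:01 262 /usr/lib64/libc.so.6
"""

if __name__ == "__main__":
    for pid, paths in sorted(processes_needing_restart().items()):
        print(pid, paths)
```

Run as root after the update; any Thunderbird PID reported is still executing the vulnerable code and must be closed and relaunched. The same check applies to any other package update that replaces shared libraries (which is what tools such as `needs-restarting` automate).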

Solution(s)

  • redhat-upgrade-thunderbird

References

  • redhat-upgrade-thunderbird
