Rapid7 Vulnerability & Exploit Database

RHSA-2010:0682: thunderbird security update

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 09/09/2010
Created: 07/25/2018
Added: 09/16/2010
Modified: 07/04/2017

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3169)

A buffer overflow flaw was found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2765)

A use-after-free flaw and several dangling pointer flaws were found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168)

A cross-site scripting (XSS) flaw was found in Thunderbird. Remote HTML content could cause Thunderbird to execute JavaScript code with the permissions of different remote HTML content. (CVE-2010-2768)

Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-thunderbird
