Rapid7 Vulnerability & Exploit Database

RHSA-2011:0886: thunderbird security update




Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2377)

Multiple dangling pointer flaws were found in Thunderbird. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363)

Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376)

It was found that Thunderbird could treat two separate cookies (for web content) as interchangeable if both were for the same domain name but one of those domain names had a trailing "." character. This violates the same-origin policy and could possibly lead to data being leaked to the wrong domain. (CVE-2011-2362)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.


  • redhat-upgrade-thunderbird
  • redhat-upgrade-thunderbird-debuginfo
