Rapid7 Vulnerability & Exploit Database

RHSA-2011:1438: thunderbird security update


Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 11/09/2011
Created: 07/25/2018
Added: 11/10/2011
Modified: 07/04/2017

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

A cross-site scripting (XSS) flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. (CVE-2011-3648)

Note: This issue cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-thunderbird
