FrSIRT - Fedora Security Update Fixes Mozilla Thunderbird Multiple Code Execution Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Mozilla Thunderbird Multiple Code Execution Vulnerabilities

Title : Fedora Security Update Fixes Mozilla Thunderbird Multiple Code Execution Vulnerabilities
Advisory ID : FrSIRT/ADV-2006-5123
CVE ID : CVE-2006-6497 - CVE-2006-6498 - CVE-2006-6501 - CVE-2006-6502 - CVE-2006-6503 - CVE-2006-6504 - CVE-2006-6505
Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-12-22

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Fedora has released security updates to address multiple vulnerabilities identified in Mozilla Thunderbird [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

b412bd483c481eb2adcb833db850a36c333978bf SRPMS/thunderbird-1.5.0.9-2.fc6.src.rpm
b412bd483c481eb2adcb833db850a36c333978bf noarch/thunderbird-1.5.0.9-2.fc6.src.rpm
5c371d13b3209d5507448e9ebe9078521deac5fe ppc/debug/thunderbird-debuginfo-1.5.0.9-2.fc6.ppc.rpm
a44fb695adca3b8addda5c1331a44aeea1825fb1 ppc/thunderbird-1.5.0.9-2.fc6.ppc.rpm
3cd6cc302db68faa3b1e2505820161fcc6af8efc x86_64/debug/thunderbird-debuginfo-1.5.0.9-2.fc6.x86_64.rpm
3452f2cb4e52493ed7ccd23adae523721a3e7c63 x86_64/thunderbird-1.5.0.9-2.fc6.x86_64.rpm
c13038e3e9c6615e5b9896fc0c979a5535d7ea49 i386/debug/thunderbird-debuginfo-1.5.0.9-2.fc6.i386.rpm
ab9a4abdbad15b2e26b60e112331e5cc2741d1d5 i386/thunderbird-1.5.0.9-2.fc6.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

d4f33e774063d935dca0c06e9c54b6e09021a126 SRPMS/thunderbird-1.5.0.9-2.fc5.src.rpm
d4f33e774063d935dca0c06e9c54b6e09021a126 noarch/thunderbird-1.5.0.9-2.fc5.src.rpm
e201f238ae5b6c03b7a03776f0e24d4420389dcd ppc/debug/thunderbird-debuginfo-1.5.0.9-2.fc5.ppc.rpm
65f263d0713d4700c929a5420b6148688b0c2634 ppc/thunderbird-1.5.0.9-2.fc5.ppc.rpm
075baee3cd3823bb3415d24a3a7f3d5b6b5742f7 x86_64/thunderbird-1.5.0.9-2.fc5.x86_64.rpm
68a8644f2ba6ad5af6e425aabfb7f1601936161e x86_64/debug/thunderbird-debuginfo-1.5.0.9-2.fc5.x86_64.rpm
210aad8474c210385462ef9b68c1b6f841a63163 i386/debug/thunderbird-debuginfo-1.5.0.9-2.fc5.i386.rpm
643faacd27e83ec8676d3054af85479bed335913 i386/thunderbird-1.5.0.9-2.fc5.i386.rpm

ChangeLog

2006-12-22 : Initial release
2007-01-02 : Updated Solution

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	IBM AIX Multiple Command Local Privilege Escalation Vulnerabilities
	IBM AIX Sendmail Header Lines Denial of Service Vulnerability
	IBM Metrica Multiple Parameter Cross Site Scripting Vulnerabilities
	IBM Lotus Quickr Unspecified Cross Site Scripting Vulnerabilities
	IBM Hardware Management Console Denial of Service Vulnerability
	IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability
	IBM DB2 Denial of Service and Information Disclosure Vulnerabilities

	Cisco IOS/CatOS VLAN Trunking Protocol DoS Vulnerability
	Cisco PIX and ASA Security Bypass and Denial of Service
	Cisco Unity Security Bypass and Denial of Service
	Cisco UCM SIP Remote Denial of Service
	Cisco IOS Denial of Service and Security Bypass Vulnerabilities
	Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities
	Cisco Secure ACS EAP Remote Denial Of Service Vulnerability

	Mozilla Products Code Execution and Security Bypass Vulnerabilities
	Mozilla Firefox Shortcut Handlingg Information Disclosure Vulnerability
	Mozilla Products Code Execution and Security Bypass Vulnerabilities
	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability