Giuseppe Iuculano
2008-Nov-13 15:08 UTC
[Secure-testing-team] Bug#505563: Mozilla Thunderbird Multiple Vulnerabilities
Package: icedove Severity: critical Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, The following SA (Secunia Advisory) id was published for Thunderbird: SA32715[1] Description: Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user''s system. For more information: SA32693 The vulnerabilities are reported in versions prior to 2.0.0.18. Solution: The vulnerabilities will be fixed in the upcoming 2.0.0.18 version. The vendor recommends disabling JavaScript support. Original Advisory: http://www.mozilla.org/security/announce/2008/mfsa2008-48.html http://www.mozilla.org/security/announce/2008/mfsa2008-50.html http://www.mozilla.org/security/announce/2008/mfsa2008-52.html http://www.mozilla.org/security/announce/2008/mfsa2008-55.html http://www.mozilla.org/security/announce/2008/mfsa2008-56.html http://www.mozilla.org/security/announce/2008/mfsa2008-58.html Other References: SA32693[2] CVE reference: CVE-2008-5012 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 If you fix the vulnerability please also make sure to include the the CVE id in the changelog entry. [1]http://secunia.com/advisories/32715/ [2]http://secunia.com/advisories/32693/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkcQtAACgkQNxpp46476ao5OwCeNCFW4/5lurndSIqfTBQtkC4i u6EAn0NS5yuBbdPRyHFDYxVdjEPKSIZI =41lt -----END PGP SIGNATURE-----