From Fedora Project Wiki

< FSA‎ | F7

[SECURITY] Fedora 7 Update: thunderbird-2.0.0.5-1.fc7

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-1180
2007-07-20 12:32:17.311992
--------------------------------------------------------------------------------

Name        : thunderbird
Product     : Fedora 7
Version     : 2.0.0.5
Release     : 1.fc7
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed certain malformed JavaScript code.
A malicious HTML email message containing JavaScript code could cause Thunderbird to crash
or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is
disabled by default in Thunderbird; these issues are not exploitable unless the user has
enabled JavaScript.
(CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738)

Users of Thunderbird are advised to upgrade to these erratum packages, which contain patches
that correct these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 20 2007 Kai Engert <kengert@redhat.com> - 2.0.0.5-1
- 2.0.0.5
* Fri Jun 15 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.4-1
- 2.0.0.4
* Fri Jun  8 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.4-0.rc1
- 2.0.0.4 rc1
--------------------------------------------------------------------------------
References:

[ 1 ]  Bug #248518
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248518
[ 2 ]  CVE-2007-3734
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
[ 3 ]  CVE-2007-3735
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
[ 4 ]  CVE-2007-3736
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
[ 5 ]  CVE-2007-3089
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
[ 6 ]  CVE-2007-3737
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
[ 7 ]  CVE-2007-3738
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738
--------------------------------------------------------------------------------
Updated packages:

406b91a7a359a5116abc1de38d66f02475330193 thunderbird-2.0.0.5-1.fc7.ppc64.rpm
2b7400c86c54e4b77fda5c8c5d7f6e57e3a4eadb thunderbird-debuginfo-2.0.0.5-1.fc7.ppc64.rpm
f7f02885088254a8257fd6d20728785a600adaf5 thunderbird-debuginfo-2.0.0.5-1.fc7.i386.rpm
34c53a1f3b96d014e8bb6ca02704590be0baa980 thunderbird-2.0.0.5-1.fc7.i386.rpm
4d5328a7b0744d9cb9f73648e959c0cc7d62dee1 thunderbird-debuginfo-2.0.0.5-1.fc7.x86_64.rpm
1c57f5e01d960b6a0600cc7817764f13602058e7 thunderbird-2.0.0.5-1.fc7.x86_64.rpm
1c5eaadb7684dac209c38b9f1fcff1a002caed2c thunderbird-debuginfo-2.0.0.5-1.fc7.ppc.rpm
0fe3b5c19898df0c2976fdc8e19482dbe0903707 thunderbird-2.0.0.5-1.fc7.ppc.rpm
d8525d565bd1523e8763f0aee0ec463257af98e2 thunderbird-2.0.0.5-1.fc7.src.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------