SynopsisThe remote Red Hat host is missing a security update.
DescriptionUpdated thunderbird packages that fix various bugs are now available for Red Hat Enterprise Linux 4.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
[Updated 24 Apr 2006] The erratum text has been updated to include the details of additional issues that were fixed by these erratum packages but which were not public at the time of release. No changes have been made to the packages.
Mozilla Thunderbird is a standalone mail and newsgroup client.
(CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)
Several bugs were found in the way Thunderbird processes malformed HTML mail messages. A carefully crafted malicious HTML mail message could cause the execution of arbitrary code as the user running Thunderbird. (CVE-2006-0748, CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)
A bug was found in the way Thunderbird processes certain inline content in HTML mail messages. It may be possible for a remote attacker to send a carefully crafted mail message to the victim, which will fetch remote content, even if Thunderbird is configured not to fetch remote content. (CVE-2006-1045)
Users of Thunderbird are advised to upgrade to these updated packages containing Thunderbird version 1.0.8, which is not vulnerable to these issues.
SolutionUpdate the affected thunderbird package.