Debian DSA-1159-2 : mozilla-thunderbird - several vulnerabilities
High Nessus Plugin ID 22701
Synopsis
The remote Debian host is missing a security-related update.
Description
The latest security updates of Mozilla Thunderbird introduced a regression that led to a dysfunctional attachment panel, which warrants a corrected update. For reference, the original advisory text follows:
Several security-related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
- CVE-2006-3808 Remote Proxy AutoConfig (PAC) servers could execute code with elevated privileges via a specially crafted PAC script. [MFSA-2006-52]
- CVE-2006-3809 Scripts with the UniversalBrowserRead privilege could gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data. [MFSA-2006-53]
- CVE-2006-3810 A cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML.
Solution
Upgrade the mozilla-thunderbird package.
For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.8b.2.