Fedora Core 4 : thunderbird-1.0.8-1.1.fc4 (2006-489)
High Nessus Plugin ID 24089
SynopsisThe remote Fedora Core host is missing a security update.
DescriptionUpdated thunderbird packages that fix various bugs are now available for Fedora Core 4.
This update has been rated as having critical security impact by the Fedora Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
(CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)
Several bugs were found in the way Thunderbird processes malformed HTML mail messages. A carefully crafted malicious HTML mail message could cause the execution of arbitrary code as the user running Thunderbird. (CVE-2006-0748, CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)
A bug was found in the way Thunderbird processes certain inline content in HTML mail messages. It may be possible for a remote attacker to send a carefully crafted mail message to the victim, which will fetch remote content, even if Thunderbird is configured not to fetch remote content. (CVE-2006-1045)
Users of Thunderbird are advised to upgrade to these updated packages containing Thunderbird version 1.0.8, which is not vulnerable to these issues.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected thunderbird and / or thunderbird-debuginfo packages.