RHEL 4 / 5 : thunderbird (RHSA-2007:0401)
High Nessus Plugin ID 25366
SynopsisThe remote Red Hat host is missing a security update.
DescriptionUpdated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several denial of service flaws were found in the way Thunderbird handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Thunderbird from functioning properly. (CVE-2007-1362, CVE-2007-2869)
A flaw was found in the way Thunderbird processed certain APOP authentication requests. By sending certain responses when Thunderbird attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558)
A flaw was found in the way Thunderbird displayed certain web content.
A malicious web page could generate content which could overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site.
Users of Thunderbird are advised to apply this update, which contains Thunderbird version 220.127.116.11 that corrects these issues.
SolutionUpdate the affected thunderbird package.