Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2011:080)
Critical Nessus Plugin ID 53617
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionSecurity issues were identified and fixed in mozilla-thunderbird :
Security researcher Soroush Dalili reported that the resource:
protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations.
The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed (CVE-2011-0071).
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products.
Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2011-0081, CVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072).
The mozilla-thunderbird-lightning package shipped with MDVSA-2011:042 had a packaging bug that prevented extension to be loaded (#59951).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
Additionally, some packages which require so, have been rebuilt and are being provided as updates.
SolutionUpdate the affected packages.