Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64
Medium Nessus Plugin ID 79714
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593)
A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass the same-origin policy. (CVE-2014-1594)
This update disables SSL 3.0 support by default in Thunderbird.
Details on how to re-enable SSL 3.0 support are available at :
After installing the update, Thunderbird must be restarted for the changes to take effect.
SolutionUpdate the affected thunderbird and / or thunderbird-debuginfo packages.