news.debuntu.org

Resolved Bugs452598 - CVE-2008-2799 Firefox javascript arbitrary code execution452709 - CVE-2008-2807 Firefox .properties memory leak452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)452597 - CVE-2008-2798 Firefox malformed web content flaws452602 - CVE-2008-2803 Firefox javascript arbitrary code execution453007 - CVE-2008-2811 Firefox block reflow flaw452600 - CVE-2008-2802 Firefox arbitrary JavaScript code execution452711 - CVE-2008-2809 Firefox self signed certificate flawUpdated thunderbird packages that fix several security issues are now available for Fedora 9.
Several flaws were found in the processing of malformed HTML content. An HTML mail containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)
Multiple flaws were found in the processing of malformed JavaScript content. An HTML mail containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2802, CVE-2008-2803)
A flaw was found in the way a malformed .properties file was processed by Thunderbird. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807)
A flaw was found in the way Thunderbird displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809)
Thunderbird was updated to upstream version 2.0.0.16 to address these flaws:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html...