Mandriva

Navigation
Package name mozilla-thunderbird
Date April 25th, 2006
Advisory ID MDKSA-2006:078
Affected versions 2006.0

Problem Description

A number of vulnerabilities have been discovered in the Mozilla
Thunderbird email client that could allow a remote attacker to craft
malicious web emails that could take advantage of these issues to
execute arbitrary code with elevated privileges, spoof content, and
steal local files, or other information. As well, some of these
vulnerabilities can be exploited to execute arbitrary code with the
privileges of the user running the program.

As well, two crasher bugs have been fixed as well.

The updated packages have been patched to fix these problems.

Updated Packages

Mandriva Linux 2006

 db1cb3f95a9ed5c38eadf84ab15059dd  2006.0/RPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.i586.rpm
 4ac317574cda9d575725e2001c106c64  2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.6.20060mdk.i586.rpm
 c9788a8baa83accaa38a6962d019be16  2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.6.20060mdk.i586.rpm
 898658630b23e73046c50de78ae364b1  2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 6ceb2686941e208c141d1a339dd87f85  x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.x86_64.rpm
 57637d19befac214ef7c4c2cef84462d  x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.6.20060mdk.x86_64.rpm
 f08fe4796dd84bbb9414668f55cbb2b9  x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.6.20060mdk.x86_64.rpm
 898658630b23e73046c50de78ae364b1  x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790
https://bugzilla.mozilla.org/show_bug.cgi?id=275896
https://bugzilla.mozilla.org/show_bug.cgi?id=330900

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.