aru Posted March 2, 2006 Report Share Posted March 2, 2006 Mandriva Advisories MDKSA-2006:052 : mozilla-thunderbird Updated mozilla-thunderbird packages fix vulnerability March 2nd, 2006 The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier allows user-complicit attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. Updated packages have been patched to address this issue. The released versions of Mandriva GNU/Linux affected are: 2006.0Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:052 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts