Several vulnerabilities in Mozilla Thunderbird allow attacks ranging from execution of script code with elevated privileges to information leak.
Package | mail-client/mozilla-thunderbird on all architectures |
---|---|
Affected versions | < 1.0.5 |
Unaffected versions | >= 1.0.5 |
Package | mail-client/mozilla-thunderbird-bin on all architectures |
---|---|
Affected versions | < 1.0.5 |
Unaffected versions | >= 1.0.5 |
Mozilla Thunderbird is the next-generation mail client from the Mozilla project.
The following vulnerabilities were found and fixed in Mozilla Thunderbird:
A remote attacker could craft malicious email messages that would leverage these issues to inject and execute arbitrary script code with elevated privileges or help in stealing information.
There are no known workarounds for all the issues at this time.
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.0.5"
All Mozilla Thunderbird binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.0.5"
Release date
July 18, 2005
Latest revision
July 18, 2005: 01
Severity
normal
Exploitable
remote
Bugzilla entries