Overview

File _patchinfo of Package patchinfo.import4149

<patchinfo incident="MozillaThunderbird" version="4149">
  <issue tracker="bnc" id="667155" />
  <issue tracker="CVE" id="CVE-2011-0053" />
  <issue tracker="CVE" id="CVE-2011-0062" />
  <issue tracker="CVE" id="CVE-2011-0051" />
  <issue tracker="CVE" id="CVE-2011-0055" />
  <issue tracker="CVE" id="CVE-2011-0054" />
  <issue tracker="CVE" id="CVE-2011-0056" />
  <issue tracker="CVE" id="CVE-2011-0057" />
  <issue tracker="CVE" id="CVE-2011-0058" />
  <issue tracker="CVE" id="CVE-2010-1585" />
  <issue tracker="CVE" id="CVE-2011-0061" />
  <issue tracker="CVE" id="CVE-2011-0059" />
  <category>security</category>
  <rating>low</rating>
  <summary>MozillaThunderbird: Security update to 3.1.8</summary>
  <description>MozillaThunderbird was updated to version 3.1.8, fixing
various security issues.

Following security issues were fixed: MFSA 2011-01: Mozilla
developers identified and fixed several memory safety bugs
in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence
of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these
could be exploited to run arbitrary code.

Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff
Walden, Henry Sivonen, Martijn Wargers, David Baron and
Marcia Knous reported memory safety problems that affected
Firefox 3.6 and Firefox 3.5. (CVE-2011-0053)

Igor Bukanov and Gary Kwong reported memory safety problems
that affected Firefox 3.6 only. (CVE-2011-0062)



MFSA 2011-08 / CVE-2010-1585: Mozilla security developer
Roberto Suggi Liverani reported that ParanoidFragmentSink,
a class used to sanitize potentially unsafe HTML for
display, allows javascript: URLs and other inline
JavaScript when the embedding document is a chrome
document. While there are no unsafe uses of this class in
any released products, extension code could have
potentially used it in an unsafe manner.

MFSA 2011-09 / CVE-2011-0061: Security researcher Jordi
Chancel reported that a JPEG image could be constructed
that would be decoded incorrectly, causing data to be
written past the end of a buffer created to store the
image. An attacker could potentially craft such an image
that would cause malicious code to be stored in memory and
then later executed on a victim's computer.
</description>
  <packager>adrianSuSE</packager>
</patchinfo>
openSUSE Build Service is sponsored by
Places