|
|
>> Mandriva Security Update Fixes Mozilla Thunderbird Spoofing Vulnerability
|
Title : Mandriva Security Update Fixes Mozilla Thunderbird Spoofing Vulnerability VUPEN ID : VUPEN/ADV-2006-0340 CVE ID : CVE-2006-0236
Rated as : Low Risk 
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-01-25
|
Mandriva has released updated packages to address a vulnerability identified in Mozilla Thunderbird. This flaw is due to an error when displaying email attachments with specially crafted "Content-Type" headers and overly long filenames, which could be exploited by attackers to spoof file types and extensions and trick users into opening and executing malicious content. For additional information, see : VUPEN/ADV-2006-0230
Affected Products
Mandriva Linux 2006.0
Solution
Upgrade the affected packages :
Mandriva Linux 2006.0:
ec5571737dd8a0908f6532d657ccc378 2006.0/RPMS/mozilla-thunderbird-1.0.6-7.3.20060mdk.i586.rpm
6ad6aa5666f6ba499c3e78a9e24f4917 2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.3.20060mdk.i586.rpm
a89fceffe0e0429c634b0b76120ee36a 2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.3.20060mdk.i586.rpm
8babd434a3fe12a7134239ca36658743 2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.3.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
5df5db7c2e45cf30d3d5f0209a7b0cd8 x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.3.20060mdk.x86_64.rpm
58595fbd0a66345df85e4e586ee2bbd8 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.3.20060mdk.x86_64.rpm
351d08e5ca2c990fd6496f857b2b1fb0 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.3.20060mdk.x86_64.rpm
8babd434a3fe12a7134239ca36658743 x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.3.20060mdk.src.rpm
References
http://www.vupen.com/english/advisories/2006/0340 http://www.frsirt.com/english/reference/5036
ChangeLog
2006-01-25 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|