The Mozilla Foundation has reported numerous security vulnerabilities related to Mozilla Thunderbird.
Package | mail-client/mozilla-thunderbird on all architectures |
---|---|
Affected versions | < 1.5.0.5 |
Unaffected versions | >= 1.5.0.5 |
Package | mail-client/mozilla-thunderbird-bin on all architectures |
---|---|
Affected versions | < 1.5.0.5 |
Unaffected versions | >= 1.5.0.5 |
The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. The goal is to produce a cross-platform stand-alone mail application using XUL (XML User Interface Language).
The following vulnerabilities have been reported:
A user can be enticed to open specially crafted URLs, visit webpages containing malicious JavaScript or execute a specially crafted script. These events could lead to the execution of arbitrary code, or the installation of malware on the user's computer.
There is no known workaround at this time.
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.5"
All Mozilla Thunderbird binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.5"
Release date
August 03, 2006
Latest revision
August 03, 2006: 01
Severity
normal
Exploitable
remote
Bugzilla entries