Bug 341823

Summary:	mail-client/thunderbird{,bin}: Multiple Vulnerabilities (CVE-2010-{3173,3182,3170,3178,3177,3183,3180,3179,3176,3175,3174})
Product:	Gentoo Security	Reporter:	Tim Sammut (RETIRED) <underling>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED DUPLICATE
Severity:	major	CC:	mozilla
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.mozilla.org/security/announce/
Whiteboard:	A2 [ebuild]
Package list:		Runtime testing required:	---

Description Tim Sammut (RETIRED) gentoo-dev

2010-10-19 22:20:41 UTC

+++ This bug was initially created as a clone of Bug #341821 +++

Mozilla has released nine advisories affecting these packages.

MFSA 2010-72 CVE-2010-3173 Low
Insecure Diffie-Hellman key exchange

MFSA 2010-71 CVE-2010-3182 Critical
Unsafe library loading vulnerabilities

MFSA 2010-70 CVE-2010-3170 Moderate
SSL wildcard certificate matching IP addresses

MFSA 2010-69 CVE-2010-3178 High
Cross-site information disclosure via modal calls

MFSA 2010-68 CVE-2010-3177 High
XSS in gopher parser when parsing hrefs

MFSA 2010-67 CVE-2010-3183 Critical
Dangling pointer vulnerability in LookupGetterOrSetter

MFSA 2010-66 CVE-2010-3180 Critical
Use-after-free error in nsBarProp

MFSA 2010-65 CVE-2010-3179 Critical
Buffer overflow and memory corruption using document.write

MFSA 2010-64 CVE-2010-3176, CVE-2010-3175, CVE-2010-3174 Critical
Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)

Comment 1 Jory A. Pratt gentoo-dev

2010-10-20 03:31:22 UTC


*** This bug has been marked as a duplicate of bug 341821 ***