Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 341823

Summary: mail-client/thunderbird{,bin}: Multiple Vulnerabilities (CVE-2010-{3173,3182,3170,3178,3177,3183,3180,3179,3176,3175,3174})
Product: Gentoo Security Reporter: Tim Sammut (RETIRED) <underling>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: major CC: mozilla
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [ebuild]
Package list:
Runtime testing required: ---

Description Tim Sammut (RETIRED) gentoo-dev 2010-10-19 22:20:41 UTC
+++ This bug was initially created as a clone of Bug #341821 +++

Mozilla has released nine advisories affecting these packages.

MFSA 2010-72 CVE-2010-3173 Low
Insecure Diffie-Hellman key exchange

MFSA 2010-71 CVE-2010-3182 Critical
Unsafe library loading vulnerabilities

MFSA 2010-70 CVE-2010-3170 Moderate
SSL wildcard certificate matching IP addresses

MFSA 2010-69 CVE-2010-3178 High
Cross-site information disclosure via modal calls

MFSA 2010-68 CVE-2010-3177 High
XSS in gopher parser when parsing hrefs

MFSA 2010-67 CVE-2010-3183 Critical
Dangling pointer vulnerability in LookupGetterOrSetter

MFSA 2010-66 CVE-2010-3180 Critical
Use-after-free error in nsBarProp

MFSA 2010-65 CVE-2010-3179 Critical
Buffer overflow and memory corruption using document.write

MFSA 2010-64 CVE-2010-3176, CVE-2010-3175, CVE-2010-3174 Critical
Miscellaneous memory safety hazards (rv:
Comment 1 Jory A. Pratt gentoo-dev 2010-10-20 03:31:22 UTC

*** This bug has been marked as a duplicate of bug 341821 ***