Vulnerability-Lookup

CVE-2009-1309 (GCVE-0-2009-1309)

Vulnerability from cvelistv5 – Published: 2009-04-22 18:00 – Updated: 2024-08-07 05:04

Summary

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

31 references

URL	Tags
http://www.securitytracker.com/id?1022094	vdb-entryx_refsource_SECTRACK
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/34894	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1125	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/34758	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/35536	third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2009-11…	vendor-advisoryx_refsource_REDHAT
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/34844	third-party-advisoryx_refsource_SECUNIA
http://www.mozilla.org/security/announce/2009/mfs…	x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://www.ubuntu.com/usn/usn-782-1	vendor-advisoryx_refsource_UBUNTU
http://secunia.com/advisories/35065	third-party-advisoryx_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=478433	x_refsource_CONFIRM
https://usn.ubuntu.com/764-1/	vendor-advisoryx_refsource_UBUNTU
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/35042	third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/34656	vdb-entryx_refsource_BID
http://secunia.com/advisories/34843	third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1797	vendor-advisoryx_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2009-0437.html	vendor-advisoryx_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2009-04…	vendor-advisoryx_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2009-11…	vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/34780	third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
https://bugzilla.mozilla.org/show_bug.cgi?id=482206	x_refsource_CONFIRM

Date Public

2009-04-21 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1022094",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022094"
          },
          {
            "name": "MDVSA-2009:111",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
          },
          {
            "name": "FEDORA-2009-3875",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
          },
          {
            "name": "34894",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34894"
          },
          {
            "name": "ADV-2009-1125",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1125"
          },
          {
            "name": "34758",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34758"
          },
          {
            "name": "35536",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35536"
          },
          {
            "name": "oval:org.mitre.oval:def:5265",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5265"
          },
          {
            "name": "RHSA-2009:1125",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1125.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6831",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6831"
          },
          {
            "name": "34844",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34844"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-19.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6139",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6139"
          },
          {
            "name": "USN-782-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-782-1"
          },
          {
            "name": "35065",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35065"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=478433"
          },
          {
            "name": "USN-764-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/764-1/"
          },
          {
            "name": "MDVSA-2009:141",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
          },
          {
            "name": "oval:org.mitre.oval:def:5591",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5591"
          },
          {
            "name": "SUSE-SR:2009:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9494",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9494"
          },
          {
            "name": "35042",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35042"
          },
          {
            "name": "34656",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34656"
          },
          {
            "name": "34843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34843"
          },
          {
            "name": "DSA-1797",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1797"
          },
          {
            "name": "RHSA-2009:0437",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
          },
          {
            "name": "RHSA-2009:0436",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
          },
          {
            "name": "RHSA-2009:1126",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
          },
          {
            "name": "34780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34780"
          },
          {
            "name": "264308",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=482206"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document\u0027s principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1022094",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022094"
        },
        {
          "name": "MDVSA-2009:111",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
        },
        {
          "name": "FEDORA-2009-3875",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
        },
        {
          "name": "34894",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34894"
        },
        {
          "name": "ADV-2009-1125",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1125"
        },
        {
          "name": "34758",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34758"
        },
        {
          "name": "35536",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35536"
        },
        {
          "name": "oval:org.mitre.oval:def:5265",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5265"
        },
        {
          "name": "RHSA-2009:1125",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1125.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6831",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6831"
        },
        {
          "name": "34844",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34844"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-19.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6139",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6139"
        },
        {
          "name": "USN-782-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-782-1"
        },
        {
          "name": "35065",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35065"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=478433"
        },
        {
          "name": "USN-764-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/764-1/"
        },
        {
          "name": "MDVSA-2009:141",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
        },
        {
          "name": "oval:org.mitre.oval:def:5591",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5591"
        },
        {
          "name": "SUSE-SR:2009:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9494",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9494"
        },
        {
          "name": "35042",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35042"
        },
        {
          "name": "34656",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34656"
        },
        {
          "name": "34843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34843"
        },
        {
          "name": "DSA-1797",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1797"
        },
        {
          "name": "RHSA-2009:0437",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
        },
        {
          "name": "RHSA-2009:0436",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
        },
        {
          "name": "RHSA-2009:1126",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
        },
        {
          "name": "34780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34780"
        },
        {
          "name": "264308",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=482206"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-1309",
    "datePublished": "2009-04-22T18:00:00.000Z",
    "dateReserved": "2009-04-16T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:04:49.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2009-1309",
      "date": "2026-06-30",
      "epss": "0.01351",
      "percentile": "0.68028"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1309\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-04-22T18:30:00.343\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document\u0027s principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.\"},{\"lang\":\"es\",\"value\":\"Mozilla Firefox anteriores a 3.0.9, Thunderbird, y SeaMonkey no implementan correctamente la pol\u00edtica de mismo origen para (1) XMLHttpRequest, suponiendo una perdida del documento principal, y (2) XPCNativeWrapper.toString, suponiendo un alcance _proto_ incorrecto, permitiendo a atacantes remotos con la intervenci\u00f3n del usuario realizar ataques de secuencias de comandos en sitios cruzados (XSS) y posiblemente otros ataques al utilizar documentos manipulados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-16\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.8\",\"matchCriteriaId\":\"FF7EBD73-EAFC-4D89-9962-8EBB2BB3DBDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C7AA88B-638A-451A-B235-A1A1444BE417\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C01AD7C-8470-47AB-B8AE-670E3A381E89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E43F2F1-9252-4B44-8A61-D05305915A5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BB9D48B-DC7B-4D92-BB26-B6DE629A2506\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A360D595-A829-4DDE-932E-9995626917E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E9B5349-FAA7-4CDA-9533-1AD1ACDFAC4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07243837-C353-4C25-A5B1-4DA32807E97D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B832C034-F793-415F-BFC8-D97A18BA6BC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83CD1A13-66CB-49CC-BD84-5D8334DB774A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93C142C5-3A85-432B-80D6-2E7B1B4694F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2434FCE7-A50B-4527-9970-C7224B31141C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*\",\"matchCriteriaId\":\"5633FB6E-D623-49D4-9858-4E20E64DE458\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"429ECA02-DBCD-45FB-942C-CA4BC1BC8A72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5F0DC80-5473-465C-9D7F-9589F1B78E12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"567FF916-7DE0-403C-8528-7931A43E0D18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E15536D0-B6A3-4106-8196-021724324CAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"010B34F4-910E-4515-990B-8E72DF009578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A545A77-2198-4685-A87F-E0F2DAECECF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*\",\"matchCriteriaId\":\"438AACF8-006F-4522-853F-30DBBABD8C15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"778FAE0C-A5CF-4B67-93A9-1A803E3E699F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7447185-7509-449D-8907-F30A42CF7EB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EDBAC37-9D08-44D1-B279-BC6ACF126CAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FFF89FA-2020-43CC-BACD-D66117B3DD26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"834BB391-5EB5-43A8-980A-D305EDAE6FA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A38AD88-BAA6-4FBE-885B-69E951BD1EFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"659F5DAF-D54F-43FB-AB2A-3FC7D456B434\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B500EE6C-99DB-49A3-A1F1-AFFD7FE28068\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F2938F2-A801-45E5-8E06-BE03DE03C8A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABB88E86-6E83-4A59-9266-8B98AA91774D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"66BE50FE-EA21-4633-A181-CD35196DF06E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D6BF5B1-86D1-47FE-9D9C-735718F94874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84D15CE0-69DF-4EFD-801E-96A4D6AABEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2F38886-C25A-4C6B-93E7-36461405BA99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C65D2670-F37F-48CB-804A-D35BB1C27D9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE8E5194-7B34-4802-BDA6-6A86EB5EDE05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2917BD67-CE81-4B94-B241-D4A9DDA60319\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A524A94E-F19B-42B9-AA8E-171751C339AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F71436CF-F756-44E0-8E69-6951F6B3E54A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"582EE839-B83F-4908-9780-D0C92DC44FD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"824369CF-00A0-434E-94BC-71CA1317012C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCB35099-B04E-4796-A25D-953329FE62F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DBEBCFD-80D6-466A-BAEF-C75E65A3B12E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C30ACBCA-4FA1-46DE-8F15-4830BC27E160\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9453EF65-7C69-449E-BF7C-4FECFB56713E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AA75825-21CF-475B-8040-126A13FA2216\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA97C80E-17FA-4866-86CE-29886145ED80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DE24BED-202E-416D-B5F2-8207D97B9939\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04198E04-CE1D-4A5A-A20C-D1E135B45F94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"717DB967-F658-4699-A224-5B261BFEC10A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3487FA64-BE04-42CA-861E-3DAC097D7D32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F61EA4A1-1916-48A5-8196-E3CDEF3108F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A956C036-1E47-49B2-A971-69868A510B75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5AA254D-D41E-464F-9E2A-A950F08C6946\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B05D2655-6641-42BE-9793-30005AC9D40D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D956DC-C73B-439F-8D79-8239207CC76F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57E2C7E7-56C0-466C-BB08-5EB43922C4F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"462E135A-5616-46CC-A9C0-5A7A0526ACC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6121F9C1-F4DF-4AAB-9E51-AC1592AA5639\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58D44634-A0B5-4F05-8983-B08D392EC742\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB3AC3D3-FDD7-489F-BDCF-BDB55DF33A8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4105171B-9C90-4ABF-B220-A35E7BA9EE40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20985549-DB24-4B69-9D40-208A47AE658E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43A13026-416F-4308-8A1B-E989BD769E12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"612B015E-9F96-4CE6-83E4-23848FD609E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E391619-0967-43E1-8CBC-4D54F72A85C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0544D626-E269-4677-9B05-7DAB23BD103B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C95F7B2C-80FC-4DF2-9680-F74634DCE3E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"863C140E-DC15-4A88-AB8A-8AEF9F4B8164\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38CD049A-5333-4FF7-AD34-6B74E19BADCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0066576D-D66A-4B59-B5C3-471EEBEE8B9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60ED6DAA-9194-4829-BC1A-00F04BE7930A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13BEB9A6-EFD5-4793-9603-84DB84F1CF7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"461163C6-4CA8-4BA9-95A1-136E612CBA6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"275E9D96-1290-44AB-BF9B-E9E4A803F593\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"140EFF03-09CB-436E-AF3F-1CEEFF4D3F1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23D609B2-F66C-40F1-B7D9-965189F875A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"327D8879-0B61-4681-886D-C53BE251E0ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59017F18-6C4E-4803-8A65-DB2A849C3197\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF006282-943B-4885-B523-6E575D664059\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0_.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26356AB4-1C06-4E16-BAC1-B6A41626A222\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CC11707-DF87-4046-964D-40CF22385A48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F73F1171-E34D-4AC0-BF8B-3DB38AA13EF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0422C796-ECC4-42C1-9580-1CE22A096244\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"412DF091-7604-4110-87A0-3488116A97E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A1DE6AC-C6AA-4B27-AC21-3293E5357A7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"13AAF607-AEEE-4FAF-BE63-73B1D951EF52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"20139741-10B1-4E4B-8D5F-A715042049C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11E07FED-ABDB-4B0A-AB2E-4CBF1EAC4301\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A6558F1-9E0D-4107-909A-8EF4BC8A9C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63DF3D65-C992-44CF-89B4-893526C6242E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9024117-2E8B-4240-9E21-CC501F3879B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBC3CAD3-2F54-4E32-A0C9-0D826C45AC23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52624B41-AB34-40AD-8709-D9646B618AB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"917E9856-9556-4FD6-A834-858F8837A6B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0beta5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"880CAA7D-398A-4B26-9754-FD188CE9729D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"138701FB-929A-4683-B41F-CB014ACFE44A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5C8E657-3049-4462-98F6-296C60BC8C5C\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2009-0437.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/34758\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/34780\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/34843\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/34844\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/34894\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/35042\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/35065\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/35536\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1797\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:111\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:141\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mozilla.org/security/announce/2009/mfsa2009-19.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0436.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1125.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1126.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/34656\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1022094\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/usn-782-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1125\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=478433\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=482206\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5265\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5591\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6139\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6831\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9494\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://usn.ubuntu.com/764-1/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2009-0437.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34758\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34843\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34844\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34894\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35042\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35065\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35536\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1797\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:111\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:141\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mozilla.org/security/announce/2009/mfsa2009-19.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0436.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1125.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1126.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/34656\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1022094\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-782-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=478433\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=482206\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5265\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5591\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6139\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6831\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9494\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/764-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2009:1126

Vulnerability from csaf_redhat - Published: 2009-06-25 15:07 - Updated: 2025-11-21 17:34

Summary

Red Hat Security Advisory: thunderbird security update

Severity

Moderate

Notes

Topic: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833, CVE-2009-1838) Several flaws were found in the way malformed HTML mail content was processed. An HTML mail message containing malicious content could execute arbitrary JavaScript in the context of the mail message, possibly presenting misleading data to the user, or stealing sensitive information such as login credentials. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309) A flaw was found in the way Thunderbird handled error responses returned from proxy servers. If an attacker is able to conduct a man-in-the-middle attack against a Thunderbird instance that is using a proxy server, they may be able to steal sensitive information from the site Thunderbird is displaying. (CVE-2009-1836) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2009-1303

The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix

Threats

Impact Critical

CVE-2009-1305

The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix

Threats

Impact Critical

CVE-2009-1306

The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.

4.3 ()


                        
                          AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2009-1307

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

5.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:N

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2009-1308

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.

4.3 ()


                        
                          AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2009-1309

4.3 ()


                        
                          AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2009-1392

The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix

Threats

Impact Critical

CVE-2009-1833

The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix

Threats

Impact Critical

CVE-2009-1836

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

1.8 ()


                        
                          AV:A/AC:H/Au:N/C:P/I:N/A:N

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2009-1838

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix

Threats

Impact Critical

CVE-2009-2210

Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386	—	Vendor Fix fix
Unresolved product id: 5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64	—	Vendor Fix fix

Threats

Impact Important

References

58 references

URL	Category
https://access.redhat.com/errata/RHSA-2009:1126	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=456202	external
https://bugzilla.redhat.com/show_bug.cgi?id=496253	external
https://bugzilla.redhat.com/show_bug.cgi?id=496256	external
https://bugzilla.redhat.com/show_bug.cgi?id=496262	external
https://bugzilla.redhat.com/show_bug.cgi?id=496263	external
https://bugzilla.redhat.com/show_bug.cgi?id=496266	external
https://bugzilla.redhat.com/show_bug.cgi?id=496267	external
https://bugzilla.redhat.com/show_bug.cgi?id=503568	external
https://bugzilla.redhat.com/show_bug.cgi?id=503570	external
https://bugzilla.redhat.com/show_bug.cgi?id=503578	external
https://bugzilla.redhat.com/show_bug.cgi?id=503580	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2009-1303	self
https://bugzilla.redhat.com/show_bug.cgi?id=496253	external
https://www.cve.org/CVERecord?id=CVE-2009-1303	external
https://nvd.nist.gov/vuln/detail/CVE-2009-1303	external
https://access.redhat.com/security/cve/CVE-2009-1305	self
https://bugzilla.redhat.com/show_bug.cgi?id=496256	external
https://www.cve.org/CVERecord?id=CVE-2009-1305	external
https://nvd.nist.gov/vuln/detail/CVE-2009-1305	external
https://access.redhat.com/security/cve/CVE-2009-1306	self
https://bugzilla.redhat.com/show_bug.cgi?id=496262	external
https://www.cve.org/CVERecord?id=CVE-2009-1306	external
https://nvd.nist.gov/vuln/detail/CVE-2009-1306	external
https://access.redhat.com/security/cve/CVE-2009-1307	self
https://bugzilla.redhat.com/show_bug.cgi?id=496263	external
https://www.cve.org/CVERecord?id=CVE-2009-1307	external
https://nvd.nist.gov/vuln/detail/CVE-2009-1307	external
https://access.redhat.com/security/cve/CVE-2009-1308	self
https://bugzilla.redhat.com/show_bug.cgi?id=496266	external
https://www.cve.org/CVERecord?id=CVE-2009-1308	external
https://nvd.nist.gov/vuln/detail/CVE-2009-1308	external
https://access.redhat.com/security/cve/CVE-2009-1309	self
https://bugzilla.redhat.com/show_bug.cgi?id=496267	external
https://www.cve.org/CVERecord?id=CVE-2009-1309	external
https://nvd.nist.gov/vuln/detail/CVE-2009-1309	external
https://access.redhat.com/security/cve/CVE-2009-1392	self
https://bugzilla.redhat.com/show_bug.cgi?id=503568	external
https://www.cve.org/CVERecord?id=CVE-2009-1392	external
https://nvd.nist.gov/vuln/detail/CVE-2009-1392	external
https://access.redhat.com/security/cve/CVE-2009-1833	self
https://bugzilla.redhat.com/show_bug.cgi?id=503570	external
https://www.cve.org/CVERecord?id=CVE-2009-1833	external
https://nvd.nist.gov/vuln/detail/CVE-2009-1833	external
https://access.redhat.com/security/cve/CVE-2009-1836	self
https://bugzilla.redhat.com/show_bug.cgi?id=503578	external
https://www.cve.org/CVERecord?id=CVE-2009-1836	external
https://nvd.nist.gov/vuln/detail/CVE-2009-1836	external
https://access.redhat.com/security/cve/CVE-2009-1838	self
https://bugzilla.redhat.com/show_bug.cgi?id=503580	external
https://www.cve.org/CVERecord?id=CVE-2009-1838	external
https://nvd.nist.gov/vuln/detail/CVE-2009-1838	external
https://access.redhat.com/security/cve/CVE-2009-2210	self
https://bugzilla.redhat.com/show_bug.cgi?id=507812	external
https://www.cve.org/CVERecord?id=CVE-2009-2210	external
https://nvd.nist.gov/vuln/detail/CVE-2009-2210	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated thunderbird package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code as the user running\nThunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833,\nCVE-2009-1838)\n\nSeveral flaws were found in the way malformed HTML mail content was\nprocessed. An HTML mail message containing malicious content could execute\narbitrary JavaScript in the context of the mail message, possibly\npresenting misleading data to the user, or stealing sensitive information\nsuch as login credentials. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1308,\nCVE-2009-1309)\n\nA flaw was found in the way Thunderbird handled error responses returned\nfrom proxy servers. If an attacker is able to conduct a man-in-the-middle\nattack against a Thunderbird instance that is using a proxy server, they\nmay be able to steal sensitive information from the site Thunderbird is\ndisplaying. (CVE-2009-1836)\n\nNote: JavaScript support is disabled by default in Thunderbird. None of the\nabove issues are exploitable unless JavaScript is enabled.\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1126",
        "url": "https://access.redhat.com/errata/RHSA-2009:1126"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "456202",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456202"
      },
      {
        "category": "external",
        "summary": "496253",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496253"
      },
      {
        "category": "external",
        "summary": "496256",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496256"
      },
      {
        "category": "external",
        "summary": "496262",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496262"
      },
      {
        "category": "external",
        "summary": "496263",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496263"
      },
      {
        "category": "external",
        "summary": "496266",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496266"
      },
      {
        "category": "external",
        "summary": "496267",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496267"
      },
      {
        "category": "external",
        "summary": "503568",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503568"
      },
      {
        "category": "external",
        "summary": "503570",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503570"
      },
      {
        "category": "external",
        "summary": "503578",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503578"
      },
      {
        "category": "external",
        "summary": "503580",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503580"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1126.json"
      }
    ],
    "title": "Red Hat Security Advisory: thunderbird security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:34:47+00:00",
      "generator": {
        "date": "2025-11-21T17:34:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1126",
      "initial_release_date": "2009-06-25T15:07:00+00:00",
      "revision_history": [
        {
          "date": "2009-06-25T15:07:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-06-25T11:07:24+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:34:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
                  "product_id": "5Server-DPAS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_productivity:5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:2.0.0.22-2.el5_3.src",
                "product": {
                  "name": "thunderbird-0:2.0.0.22-2.el5_3.src",
                  "product_id": "thunderbird-0:2.0.0.22-2.el5_3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@2.0.0.22-2.el5_3?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:2.0.0.22-2.el5_3.x86_64",
                "product": {
                  "name": "thunderbird-0:2.0.0.22-2.el5_3.x86_64",
                  "product_id": "thunderbird-0:2.0.0.22-2.el5_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@2.0.0.22-2.el5_3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
                "product": {
                  "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
                  "product_id": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@2.0.0.22-2.el5_3?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:2.0.0.22-2.el5_3.i386",
                "product": {
                  "name": "thunderbird-0:2.0.0.22-2.el5_3.i386",
                  "product_id": "thunderbird-0:2.0.0.22-2.el5_3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@2.0.0.22-2.el5_3?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
                "product": {
                  "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
                  "product_id": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@2.0.0.22-2.el5_3?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:2.0.0.22-2.el5_3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386"
        },
        "product_reference": "thunderbird-0:2.0.0.22-2.el5_3.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:2.0.0.22-2.el5_3.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-0:2.0.0.22-2.el5_3.src"
        },
        "product_reference": "thunderbird-0:2.0.0.22-2.el5_3.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:2.0.0.22-2.el5_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64"
        },
        "product_reference": "thunderbird-0:2.0.0.22-2.el5_3.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386"
        },
        "product_reference": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        },
        "product_reference": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:2.0.0.22-2.el5_3.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
          "product_id": "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386"
        },
        "product_reference": "thunderbird-0:2.0.0.22-2.el5_3.i386",
        "relates_to_product_reference": "5Server-DPAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:2.0.0.22-2.el5_3.src as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
          "product_id": "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src"
        },
        "product_reference": "thunderbird-0:2.0.0.22-2.el5_3.src",
        "relates_to_product_reference": "5Server-DPAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:2.0.0.22-2.el5_3.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
          "product_id": "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64"
        },
        "product_reference": "thunderbird-0:2.0.0.22-2.el5_3.x86_64",
        "relates_to_product_reference": "5Server-DPAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
          "product_id": "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386"
        },
        "product_reference": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
        "relates_to_product_reference": "5Server-DPAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)",
          "product_id": "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        },
        "product_reference": "thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
        "relates_to_product_reference": "5Server-DPAS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-1303",
      "discovery_date": "2009-04-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "496253"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox 2 and 3 Layout engine crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1303"
        },
        {
          "category": "external",
          "summary": "RHBZ#496253",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496253"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1303",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1303"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1303",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1303"
        }
      ],
      "release_date": "2009-04-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Firefox 2 and 3 Layout engine crash"
    },
    {
      "cve": "CVE-2009-1305",
      "discovery_date": "2009-04-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "496256"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox 2 and 3 JavaScript engine crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1305"
        },
        {
          "category": "external",
          "summary": "RHBZ#496256",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496256"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1305",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1305"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1305",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1305"
        }
      ],
      "release_date": "2009-04-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Firefox 2 and 3 JavaScript engine crash"
    },
    {
      "cve": "CVE-2009-1306",
      "discovery_date": "2009-04-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "496262"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a \"Content-Disposition: attachment\" designation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jar: scheme ignores the content-disposition: header on the inner URI",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1306"
        },
        {
          "category": "external",
          "summary": "RHBZ#496262",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496262"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1306"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1306",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1306"
        }
      ],
      "release_date": "2009-04-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jar: scheme ignores the content-disposition: header on the inner URI"
    },
    {
      "cve": "CVE-2009-1307",
      "discovery_date": "2009-04-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "496263"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "view-source: protocol",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1307"
        },
        {
          "category": "external",
          "summary": "RHBZ#496263",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496263"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1307",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1307"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1307",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1307"
        }
      ],
      "release_date": "2009-04-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "view-source: protocol"
    },
    {
      "cve": "CVE-2009-1308",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2009-04-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "496266"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox XSS hazard using third-party stylesheets and XBL bindings",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1308"
        },
        {
          "category": "external",
          "summary": "RHBZ#496266",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496266"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1308",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1308"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1308",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1308"
        }
      ],
      "release_date": "2009-04-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Firefox XSS hazard using third-party stylesheets and XBL bindings"
    },
    {
      "cve": "CVE-2009-1309",
      "discovery_date": "2009-04-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "496267"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document\u0027s principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1309"
        },
        {
          "category": "external",
          "summary": "RHBZ#496267",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496267"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1309",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1309"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1309",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1309"
        }
      ],
      "release_date": "2009-04-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString"
    },
    {
      "cve": "CVE-2009-1392",
      "discovery_date": "2009-05-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503568"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox browser engine crashes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1392"
        },
        {
          "category": "external",
          "summary": "RHBZ#503568",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503568"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1392",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1392"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1392",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1392"
        }
      ],
      "release_date": "2009-06-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Firefox browser engine crashes"
    },
    {
      "cve": "CVE-2009-1833",
      "discovery_date": "2009-05-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503570"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox JavaScript engine crashes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1833"
        },
        {
          "category": "external",
          "summary": "RHBZ#503570",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503570"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1833",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1833"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1833",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1833"
        }
      ],
      "release_date": "2009-06-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Firefox JavaScript engine crashes"
    },
    {
      "cve": "CVE-2009-1836",
      "discovery_date": "2009-05-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503578"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an \"SSL tampering\" attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox SSL tampering via non-200 responses to proxy CONNECT requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1836"
        },
        {
          "category": "external",
          "summary": "RHBZ#503578",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503578"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1836",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1836"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1836",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1836"
        }
      ],
      "release_date": "2009-06-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Firefox SSL tampering via non-200 responses to proxy CONNECT requests"
    },
    {
      "cve": "CVE-2009-1838",
      "discovery_date": "2009-05-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503580"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element\u0027s owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Firefox arbitrary code execution flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1838"
        },
        {
          "category": "external",
          "summary": "RHBZ#503580",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503580"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1838",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1838"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1838",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1838"
        }
      ],
      "release_date": "2009-06-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Firefox arbitrary code execution flaw"
    },
    {
      "cve": "CVE-2009-2210",
      "discovery_date": "2009-06-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "507812"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Thunderbird mail crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
          "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
          "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-2210"
        },
        {
          "category": "external",
          "summary": "RHBZ#507812",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=507812"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2210",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-2210"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2210",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2210"
        }
      ],
      "release_date": "2009-06-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-06-25T15:07:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1126"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Client:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Client:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.src",
            "5Server-DPAS:thunderbird-0:2.0.0.22-2.el5_3.x86_64",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.i386",
            "5Server-DPAS:thunderbird-debuginfo-0:2.0.0.22-2.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Thunderbird mail crash"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-1309 (GCVE-0-2009-1309)

RHSA-2009:1126

Tags

Sightings

Nomenclature