Synopsis: Critical: thunderbird security update
Issue Date: 2011-09-28
CVE Numbers: CVE-2011-2999

Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled frame objects with certain
names. An attacker could use this flaw to cause a plug-in to grant its
content access to another site or the local file system, violating the
same-origin policy. (CVE-2011-2999)

An integer underflow flaw was found in the way Thunderbird handled large
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2011-2998)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

– Scientific Linux Development Team