The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Thunderbird 1.0: several vulnerabilities

Synthesis of the vulnerability 

Several vulnerabilities were announced in Thunderbird 1.0, the worst one leading to code execution.
Impacted products: Debian, Fedora, Tru64 UNIX, HP-UX, Mandriva Linux, Mozilla Suite, Thunderbird, openSUSE, Solaris, Trusted Solaris, RHEL, RedHat Linux, Slackware.
Severity of this bulletin: 3/4.
Number of vulnerabilities in this bulletin: 17.
Creation date: 18/04/2006.
Références of this threat: 102550, 20060404-01-U, 228526, 6424579, c00672120, c00679472, CERTA-2002-AVI-144, CERTA-2006-AVI-156, CVE-2006-0292, CVE-2006-0293, CVE-2006-0296, CVE-2006-0748, CVE-2006-0749, CVE-2006-1538, CVE-2006-1727, CVE-2006-1728, CVE-2006-1730, CVE-2006-1731, CVE-2006-1732, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1737, CVE-2006-1739, CVE-2006-1742, DSA-1046-1, DSA-1051-1, FEDORA-2006-486, FEDORA-2006-487, FEDORA-2006-488, FEDORA-2006-489, FEDORA-2006-490, FEDORA-2006-491, FEDORA-2006-492, FEDORA-2006-493, FEDORA-2006-494, FEDORA-2006-495, FLSA:189137-1, FLSA:189672, FLSA-2006:189137-1, FLSA-2006:189672, HPSBTU02118, HPSBUX02122, MDKSA-2006:076, MDKSA-2006:078, MFSA2006-01, MFSA2006-05, MFSA2006-10, MFSA2006-11, MFSA2006-14, MFSA2006-15, MFSA2006-16, MFSA2006-17, MFSA2006-18, MFSA2006-19, MFSA2006-22, MFSA2006-24, MFSA2006-25, MFSA2006-27, RHSA-2006:032, RHSA-2006:0329-01, RHSA-2006:033, RHSA-2006:0330-01, SSA:2006-114-01, SSRT061145, SSRT061158, SUSE-SA:2006:022, VIGILANCE-VUL-5775, ZDI-06-009, ZDI-06-010, ZDI-06-011.

Description of the vulnerability 

Several vulnerabilities were announced in Thunderbird 1.0.

An attacker can invite user to run a malicious Javascript code to conduct a denial of service or to run code (MFSA 2006-01, CVE-2006-0292, CVE-2006-0293, VIGILANCE-VUL-5578).

An attacker can inject Javascript code to be run on starting (MFSA 2006-05, CVE-2006-0296, VIGILANCE-VUL-5581).

An attacker can corrupt memory during garbage collection (MFSA 2006-10, CVE-2006-1742).

Several memory corruptions lead to code execution (MFSA 2006-11, CVE-2006-1739, CVE-2006-1538, CVE-2006-1737).

An attacker can elevate his privileges using XBL.method.eval (MFSA 2006-14, CVE-2006-1735).

An attacker can run privileged Javascript with Object.watch() (MFSA 2006-15, CVE-2006-1734).

An attacker can install a malicious program via valueOf.call() (MFSA 2006-16, CVE-2006-1733).

An attacker can conduct a Cross Site Scripting attack via window.controllers (MFSA 2006-17, CVE-2006-1732).

An attacker can corrupt memory by changing tag order (MFSA 2006-18, CVE-2006-0749).

An attacker can conduct a Cross Site Scripting attack via valueOf.call() (MFSA 2006-19, CVE-2006-1731).

An integer overflow occurs in CSS letter-spacing property (MFSA 2006-22, CVE-2006-1730).

An attacker can increase his privileges using crypto.generateCRMFRequest (MFSA 2006-24, CVE-2006-1728).

An attacker can obtain chrome privileges using Print Preview (MFSA 2006-25, CVE-2006-1727).

An attacker can corrupt memory by changing tag order (MFSA 2006-27, CVE-2006-0748).
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness bulletin impacts software or systems such as Debian, Fedora, Tru64 UNIX, HP-UX, Mandriva Linux, Mozilla Suite, Thunderbird, openSUSE, Solaris, Trusted Solaris, RHEL, RedHat Linux, Slackware.

Our Vigil@nce team determined that the severity of this computer weakness is important.

The trust level is of type confirmed by the editor, with an origin of document.

This bulletin is about 17 vulnerabilities.

An attacker with a expert ability can exploit this vulnerability announce.

Solutions for this threat 

Thunderbird: nouvelle version 1.0.8.
Version 1.0.8 is corrected:
  http://www.mozilla.com/

Mozilla: version 1.7.13.
Version 1.7.13 is corrected:
  http://www.mozilla.org/releases/mozilla1.7.13/

Debian: new mozilla packages.
New packages are available:
  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 170350 1890d8f6cf1f6d7d3f24862b8b236d5e
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 136640 cb2ab0bf38cc5afff64327cbf4f79fbe
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 187128 af578fd816c0534baa15529168dd1170
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 661394 3a94641ec0f1b8bebbed0b428f40e3e8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 1030 42b5cb15c988c9d2328e6be2266dda42
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 10332780 89748f75d483a5b4905e842cf85081a6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 403506 3b03c89eec36142148548f7cd64e5d12
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 158344 d36c1032ddd6ba8051ad27786662525a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 3592688 f30a67ca521067cde834d346b4646c1b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 116678 dda364a06fa45c104c5222988b826a6b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 204156 2a7e71b2393ddee06457536053b6f426
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 1816066 cdc0f8d06a00c14337ad20178284685c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 192632 26c12b2f1e572cc70ab80fae0a20d75f
  Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 168070 088af473a08b7478a172e483ffe0a3cb
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 174160 255499b7e29813343a088957bc4e450e
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 184942 6ebb70d67e23a8ff659ec788048c558d
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 966574 fa7081da19e2c59b89c5b47d70314a38
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 1032 dac2c365bc58d57275205fbecd04d2f2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 12943234 f0e1ea934e597443636be3dc1f8323bc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 403274 d519dfad807b19794742e6723f6872c8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 158334 c729929af3c1879ab058541227487677
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 3377040 de356df345ed8ab5ce2a970827990b0d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 125582 9975c43ca6954d98309ab11ac03aadd4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 204158 fa835bffaf5008bccdcd62ff2114a481
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 2302210 db2d6cd804c0372eafba307436cd9296
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 242664 b8a9d7bba6700b6cb700187bbed51102

Debian: new mozilla-thunderbird packages.
New packages are available:
  AMD64 architecture:
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_amd64.deb
      Size/MD5 checksum: 12246434 286f415370cea50e1db9e3cd42d2e4c2
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_amd64.deb
      Size/MD5 checksum: 3277348 757202c4103104bbf82ce17ff93de6ad
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_amd64.deb
      Size/MD5 checksum: 149416 9f727c74782a27cbc31ba9c3cc05e365
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_amd64.deb
      Size/MD5 checksum: 31884 451a6095a65939e5c5fa01cbcce3f399
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_amd64.deb
      Size/MD5 checksum: 87560 1b4e74ca5a206c0028c7385a37c9d72c
  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_i386.deb
      Size/MD5 checksum: 11560136 b0e311d92acdc0c7e8b14b67bbf87a63
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_i386.deb
      Size/MD5 checksum: 3503954 c76b1c2003373abb489d55fbc1cf8e9b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_i386.deb
      Size/MD5 checksum: 145070 42bfc6d7e45c85a328c974e0dbf33a2d
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_i386.deb
      Size/MD5 checksum: 31882 6699d265d72be8d47e29607c19233ea5
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_i386.deb
      Size/MD5 checksum: 86338 f71fa003bb6cbd5e073791c02215f55f
  Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_ia64.deb
      Size/MD5 checksum: 14613050 4ebeb5db1064173aa1c0f4f63debe1a4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_ia64.deb
      Size/MD5 checksum: 3289384 28b78ccc68aa644a6e7ccfe1da7ed6c2
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_ia64.deb
      Size/MD5 checksum: 153794 3d08e3ca8da7aab4d18325018f089cf1
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_ia64.deb
      Size/MD5 checksum: 31886 5a51526eac30e965016709c84e5789cc
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_ia64.deb
      Size/MD5 checksum: 105440 bbf8174130d63df6a84a181e6f8f77d4

Fedora Core 3: new thunderbird packages.
New packages are available:
Fedora Core 3:
  SRPM: http://download.fedoralegacy.org/fedora/3/updates/SRPMS/thunderbird-1.0.8-1.1.fc3.4.legacy.src.rpm
  i386: http://download.fedoralegacy.org/fedora/3/updates/i386/thunderbird-1.0.8-1.1.fc3.4.legacy.i386.rpm
  x86_64: http://download.fedoralegacy.org/fedora/3/updates/x86_64/thunderbird-1.0.8-1.1.fc3.4.legacy.x86_64.rpm

Fedora Core: new mozilla, thunderbird, epiphany, devhelp, yelp packages.
New packages are available, and decrisbed in message below.

HP-UX: version 1.7.13 of Mozilla.
Version 1.7.13 is available:
  http://www.hp.com/go/mozilla

Mandriva Corporate 3.0: new mozilla packages.
New packages are available:
 Corporate 3.0:
 81dce00119439ab171593eb2976fe547 corporate/3.0/RPMS/libnspr4-1.7.8-0.8.C30mdk.i586.rpm
 c0e04b64accc75483ca0795af33562be corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.8.C30mdk.i586.rpm
 288e4e8379aa0d7cc56327ba60035e0a corporate/3.0/RPMS/libnss3-1.7.8-0.8.C30mdk.i586.rpm
 c1bac96a978df5d75cfd7887a09144d5 corporate/3.0/RPMS/libnss3-devel-1.7.8-0.8.C30mdk.i586.rpm
 0d06c6a4520068a368cf48e3f407c74e corporate/3.0/RPMS/mozilla-1.7.8-0.8.C30mdk.i586.rpm
 73f9e85c4556834db6ef9333b98beef0 corporate/3.0/RPMS/mozilla-devel-1.7.8-0.8.C30mdk.i586.rpm
 6939f71693b40125b5c3dd0534441d4a corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.8.C30mdk.i586.rpm
 cb3df735d1ce023dd9cfeed26889c91b corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.8.C30mdk.i586.rpm
 7aee6465cb0a42c6561b3c3deac96c8d corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.8.C30mdk.i586.rpm
 01ec6255f2071d246ef76a11b2844c8e corporate/3.0/RPMS/mozilla-irc-1.7.8-0.8.C30mdk.i586.rpm
 8d4075f4c1c9cd4f613a68ff15f09d85 corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.8.C30mdk.i586.rpm
 cc4bcc8c9c19557513ef30d96150b9fe corporate/3.0/RPMS/mozilla-mail-1.7.8-0.8.C30mdk.i586.rpm
 05ab0503358b30c10dba88bb916473be corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.8.C30mdk.i586.rpm
 ddccba24ecfaa9f82167a7bb5c9c71ad corporate/3.0/SRPMS/mozilla-1.7.8-0.8.C30mdk.src.rpm
 Corporate 3.0/X86_64:
 9a8e62df1100fa84600706050870a63e x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.8.C30mdk.x86_64.rpm
 17c9c8233a462fc91061554c0a0ef451 x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.8.C30mdk.x86_64.rpm
 efa25dec22975bab70c748d07e0a3c75 x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.8.C30mdk.x86_64.rpm
 38de0287eaf7ed9f2e319cbcc042dcdf x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.8.C30mdk.x86_64.rpm
 18393cfe8c07b958e52a6f0f2b506e53 x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.8.C30mdk.x86_64.rpm
 e6aea2fc34c466383781cb6487964cc0 x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.8.C30mdk.x86_64.rpm
 be9a4c7519f064b07b48ea9556866f74 x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.8.C30mdk.x86_64.rpm
 085cc65fea8f657875c5024c0d964a5d x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.8.C30mdk.x86_64.rpm
 1b6244b6bf96093518937ccf8dcd33c6 x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.8.C30mdk.x86_64.rpm
 e66333a5573e85f32effe85a01a64a27 x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.8.C30mdk.x86_64.rpm
 4bfb009ca3dcdc90ff1eb2f244cafdc4 x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.8.C30mdk.x86_64.rpm
 caddf105e2756d3bebf74ad2f4e8a0d6 x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.8.C30mdk.x86_64.rpm
 f1551cc11e1e75be6d25cf2f53070ac0 x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.8.C30mdk.x86_64.rpm
 ddccba24ecfaa9f82167a7bb5c9c71ad x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.8.C30mdk.src.rpm

Mandriva: new mozilla-thunderbird packages.
New packages are available:
 Mandriva Linux 2006.0:
 db1cb3f95a9ed5c38eadf84ab15059dd 2006.0/RPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.i586.rpm
 4ac317574cda9d575725e2001c106c64 2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.6.20060mdk.i586.rpm
 c9788a8baa83accaa38a6962d019be16 2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.6.20060mdk.i586.rpm
 898658630b23e73046c50de78ae364b1 2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.src.rpm
 Mandriva Linux 2006.0/X86_64:
 6ceb2686941e208c141d1a339dd87f85 x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.x86_64.rpm
 57637d19befac214ef7c4c2cef84462d x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.6.20060mdk.x86_64.rpm
 f08fe4796dd84bbb9414668f55cbb2b9 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.6.20060mdk.x86_64.rpm
 898658630b23e73046c50de78ae364b1 x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.src.rpm

Red Hat Linux, Fedora Core: new mozilla packages.
New packages are available:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mozilla-1.7.13-0.73.1.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/galeon-1.2.14-0.73.6.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-chat-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-devel-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-js-debugger-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-mail-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-devel-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/galeon-1.2.14-0.73.6.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mozilla-1.7.13-0.90.1.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/galeon-1.2.14-0.90.6.legacy.src.rpM
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-inspector-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debugger-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-devel-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-devel-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/galeon-1.2.14-0.90.6.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mozilla-1.7.13-1.1.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/epiphany-1.0.8-1.fc1.6.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-inspector-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debugger-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-devel-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-devel-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/epiphany-1.0.8-1.fc1.6.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/mozilla-1.7.13-1.2.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/epiphany-1.2.10-0.2.7.legacy.src.rpm
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/devhelp-0.9.1-0.2.10.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-chat-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-devel-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-dom-inspector-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-js-debugger-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-mail-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-devel-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-devel-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/epiphany-1.2.10-0.2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-0.9.1-0.2.10.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-devel-0.9.1-0.2.10.legacy.i386.rpm
Fedora Core 3:
SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/mozilla-1.7.13-1.3.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/epiphany-1.4.9-1.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/devhelp-0.9.2-2.3.7.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-chat-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-devel-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-dom-inspector-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-js-debugger-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-mail-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nspr-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nspr-devel-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nss-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nss-devel-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/epiphany-1.4.9-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/epiphany-devel-1.4.9-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/devhelp-0.9.2-2.3.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/devhelp-devel-0.9.2-2.3.7.legacy.i386.rpm
x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-chat-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-devel-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-dom-inspector-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-js-debugger-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-mail-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-devel-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-devel-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/epiphany-1.4.9-1.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/epiphany-devel-1.4.9-1.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/devhelp-0.9.2-2.3.7.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/devhelp-devel-0.9.2-2.3.7.legacy.x86_64.rpm

RHEL 4: new thunderbird packages.
New packages are available:
Red Hat Enterprise Linux version 4: thunderbird-1.0.8-1.4.1

RHEL: new mozilla, galeon packages.
New packages are available:
Red Hat Enterprise Linux version 2.1:
  galeon-1.2.14-1.2.8
  mozilla-1.7.13-1.1.2.2
Red Hat Enterprise Linux version 3:
  mozilla-1.7.13-1.1.3.1
Red Hat Enterprise Linux version 4:
  devhelp-0.9.2-2.4.8
  mozilla-1.7.13-1.4.1

SGI ProPack 3: new freeradius, Mozilla, openmotif packages.
Patch 10302 is corrected.
New packages are also available:
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Slackware: new mozilla packages.
New packages are available:
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-1.7.13-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-plugins-1.7.13-noarch-1.tgz
Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mozilla-1.7.13-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mozilla-plugins-1.7.13-noarch-1.tgz
Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-1.7.13-i486-1.tgz
Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-1.7.13-i486-1.tgz

Solaris: patch for Mozilla.
A patch is available:
SPARC
 - Mozilla 1.7 (Solaris 8, 9) : patch 120671-02
 - Mozilla 1.7 (Solaris 10) : patch 119115-19
x86
 - Mozilla 1.7 (Solaris 8, 9) : patch 120672-02
 - Mozilla 1.7 (Solaris 10) : patch 119116-19

SUSE: new MozillaThunderbird packages.
New packages are available:
   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaThunderbird-1.0.8-0.2.i586.rpm
         26cf86fce7501020613b5e7aa9d817c0
   SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaThunderbird-1.0.8-0.2.i586.rpm
         cc56fcd7d79bdea6fe3f88fae36013e2
   SUSE LINUX 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaThunderbird-1.0.8-0.2.i586.rpm
         1808acacd53e3248ac1b73c3b7d70557
   SUSE LINUX 9.1:
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaThunderbird-1.0.8-0.1.i586.rpm
         c9ba754c65a76f7a7aae082b217b1add

Tru64 UNIX: version Firefox, Mozilla.
Following versions are corrected (but contain the VIGILANCE-VUL-5889 vulnerabilities recently announced):
Mozilla 1.7.13
  Location: http://h30097.www3.hp.com/internet/download.htm#mozilla
  Name: mozilla1713.tar.gz
  MD5 Checksum: a3a2694eb767b1ef2623da1783183357
Firefox 1.5.0.3
  Location: http://h30097.www3.hp.com/internet/download.htm#firefox1503
  Name: firefox1503.tar.gz
  MD5 Checksum: caedd963353eb9096f7b3cfc2d9177a1
Firefox 1.0.8
  Location: http://h30097.www3.hp.com/internet/download.htm#firefox
  Name: firefox108.tar.gz
  MD5 Checksum: a319705dc0f42d6fe66a25f57f8f9105
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides cybersecurity alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.