hi Jamie, USN-817-1 is really so? | Several flaws were discovered in the rendering engine of Thunderbird. | If Javascript were enabled, an attacker could exploit these flaws to crash Thunderbird.
This description seems 2.0.22's, but USN-817-1 points 2.0.23's. (Thunderbird 2.0.22 is USN-782-1) so our fix are CVE-2009-2408/MFSA2009-42. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://www.mozilla.org/security/announce/2009/mfsa2009-42.html maybe, valid details are below.: (from mitre.org) | Thunderbird did not properly handle a NULL character in a domain name in the subject's | Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers | to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate | Certification Authority. Please check. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-2408 -- 2.0.0.23 is available https://bugs.launchpad.net/bugs/416646 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
