Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.9.
5c2c7d93049660ffeb7fc427cc6435f6ba3ab42a814acce6c691c62da72b64b2
Debian Security Advisory 1391-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client.
0fd2dac5b0f1f89683b32b5407978d38835cbcbb2a326d49cd11d7daf010f237
Ubuntu Security Notice 503-1 - Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user's privileges. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious email, an attacker could execute helpers with arbitrary arguments with the user's privileges.
fdc222ca45585dcaaf986348036154ccceb0b08ece8dd53b72a35eb3a03d01e2
Debian Security Advisory 1346-1 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitizing of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.
7d8c2ef6cb498a01f05fe869a389a93bbe3f6cf220732c50f166e318bd3fb9e8
Debian Security Advisory 1345-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitizing of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.
af4abfa3d80e22b8e5beb51323cb93d79d2c92e0fc5a3cf28c6d13338a78cc5c
Debian Security Advisory 1344-1 - "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitizing of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.
d1fb2f29c2f8e3279dcdeddc998ce07195c774016ac60d19d4fece5890d9bd83
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.6.
09a93ae755c8850298dff969f0aaed4e9395ebe574184598d2c77a04e5ddd3f8
Ubuntu Security Notice 493-1 - A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious web page, an attacker could execute helpers with arbitrary arguments with the user's privileges.
518c2a5ab9906194864d36c0c49e8192666da35048f7075b8cc14b2de8b187f4