[Bug 416646] Re: is available

Fumihito YOSHIDA hito at kugutsu.org
Wed Aug 26 09:33:16 UTC 2009

hi Jamie,

USN-817-1 is really so?
| Several flaws were discovered in the rendering engine of Thunderbird.
| If Javascript were enabled, an attacker could exploit these flaws to crash Thunderbird. 

This description seems 2.0.22's, but USN-817-1 points 2.0.23's.
(Thunderbird 2.0.22 is USN-782-1) 

so our fix are CVE-2009-2408/MFSA2009-42.

maybe, valid details are below.: (from mitre.org)
| Thunderbird did not properly handle a NULL character in a domain name in the subject's
| Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers
| to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate 
| Certification Authority.

Please check.

** CVE added: http://www.cve.mitre.org/cgi-

-- is available
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to thunderbird in ubuntu.

More information about the Ubuntu-mozillateam-bugs mailing list