Описание
ELSA-2015-0771: thunderbird security update (IMPORTANT)
[31.6.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js
[31.6.0-1]
- Update to 31.6.0
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
thunderbird
31.6.0-1.0.1.el5_11
Oracle Linux i386
thunderbird
31.6.0-1.0.1.el5_11
Oracle Linux 6
Oracle Linux x86_64
thunderbird
31.6.0-1.0.1.el6_6
Oracle Linux i686
thunderbird
31.6.0-1.0.1.el6_6
Oracle Linux 7
Oracle Linux x86_64
thunderbird
31.6.0-1.0.1.el7_1
Ссылки на источники
Связанные уязвимости
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.