USN-503-1: Thunderbird vulnerabilities
25 August 2007
tricking a user into opening a malicious email, an attacker could execute
is disabled by default for emails, and it is not recommended to enable it.
(CVE-2007-3734, CVE-2007-3735, CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious email,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3670, CVE-2007-3845)
The problem can be corrected by updating your system to the following package versions:
After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.