Comment 2 for bug 416646

hi Jamie,

USN-817-1 is really so?
| Several flaws were discovered in the rendering engine of Thunderbird.
| If Javascript were enabled, an attacker could exploit these flaws to crash Thunderbird.

This description seems 2.0.22's, but USN-817-1 points 2.0.23's.
(Thunderbird 2.0.22 is USN-782-1)

so our fix are CVE-2009-2408/MFSA2009-42.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408
http://www.mozilla.org/security/announce/2009/mfsa2009-42.html

maybe, valid details are below.: (from mitre.org)
| Thunderbird did not properly handle a NULL character in a domain name in the subject's
| Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers
| to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate
| Certification Authority.

Please check.