USN-817-1 is really so?
| Several flaws were discovered in the rendering engine of Thunderbird.
| If Javascript were enabled, an attacker could exploit these flaws to crash Thunderbird.
This description seems 2.0.22's, but USN-817-1 points 2.0.23's.
(Thunderbird 2.0.22 is USN-782-1)
maybe, valid details are below.: (from mitre.org)
| Thunderbird did not properly handle a NULL character in a domain name in the subject's
| Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers
| to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate
| Certification Authority.
hi Jamie,
USN-817-1 is really so?
| Several flaws were discovered in the rendering engine of Thunderbird.
| If Javascript were enabled, an attacker could exploit these flaws to crash Thunderbird.
This description seems 2.0.22's, but USN-817-1 points 2.0.23's.
(Thunderbird 2.0.22 is USN-782-1)
so our fix are CVE-2009- 2408/MFSA2009- 42. cve.mitre. org/cgi- bin/cvename. cgi?name= CVE-2009- 2408 www.mozilla. org/security/ announce/ 2009/mfsa2009- 42.html
http://
http://
maybe, valid details are below.: (from mitre.org)
| Thunderbird did not properly handle a NULL character in a domain name in the subject's
| Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers
| to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate
| Certification Authority.
Please check.