Subject: pkg-vulnerabilities listing for Mozilla advisory missing Thunderbird reference
To: , <tech-security@NetBSD.org>
From: David H.Gutteridge <dhgutteridge@sympatico.ca>
List: tech-security
Date: 01/09/2005 01:27:34
Hello,

Regarding the vulnerability listing referenced as
http://isec.pl/vulnerabilities/isec-0020-mozilla.txt
relating to handling of NNTP URLs in Mozilla < 1.7.3,
in my understanding this also affects Thunderbird
versions prior to 1.0.  Thunderbird is not listed
as vulnerable in the latest pkg-vulnerabilities file.

See Mozilla Bugzilla entry 264388, which lists the
Aviary (incl. Thunderbird) branch as affected.  I
can confirm that the referenced source file is included
in Thunderbird compiles, I checked a compile log I have.

Dave