Linux Security

    Debian: Mozilla Thunderbird fix several vulnerabilities DSA-781-1

    Date 23 Aug 2005
    Posted By LinuxSecurity Advisories
    Updated package.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 781-1                                   Martin Schulze
    August 23rd, 2005
    --------------------------------------------------------------------------
    Package        : mozilla-thunderbird
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532
                     CAN-2005-2261 CAN-2005-2265 CAN-2005-2266 CAN-2005-2269
    BugTraq ID     : 14242 14242
    Debian Bug     : 318728
    Several problems have been discovered in Mozilla Thunderbird, the
    standalone mail client of the Mozilla suite.  The Common
    Vulnerabilities and Exposures project identifies the following
        Remote attackers could read portions of heap memory into a
        Javascript string via the lambda replace method.

        The Javascript interpreter could be tricked to continue execution
        at the wrong memory address, which may allow attackers to cause a
        denial of service (application crash) and possibly execute
        arbitrary code.

        Remote attackers could override certain properties or methods of
        DOM nodes and gain privileges.

        Remote attackers could override certain properties or methods due
        to missing proper limitation of Javascript eval and Script objects
        and gain privileges.

        XML scripts ran even when Javascript was disabled.

        Missing input sanitising of InstallVersion.compareTo() can cause
        the application to crash.

        Remote attackers could steal sensitive information such as cookies
        and passwords from web sites by accessing data in alien frames.

        Remote attackers could modify certain tag properties of DOM nodes
        that could lead to the execution of arbitrary script or code.

        The Mozilla browser family does not properly clone base objects,
        which allows remote attackers to execute arbitrary code.

    The old stable distribution (woody) is not affected by these problems
    since it does not contain Mozilla Thunderbird packages.
    For the stable distribution (sarge) these problems have been fixed in
    version 1.0.2-2.sarge1.0.6.
    For the unstable distribution (sid) these problems have been fixed in
    version 1.0.6-1.
    We recommend that you upgrade your Mozilla Thunderbird package.
    Upgrade Instructions
    --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
      These files will probably be moved into the stable distribution on
      its next update.
    ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main

