Linux Security
    Linux Security
    Linux Security

    Debian: Mozilla Thunderbird fix several vulnerabilities DSA-1134-1

    Posted By
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1134-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
    August 2nd, 2006              
    - --------------------------------------------------------------------------
    Package        : mozilla-thunderbird
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE IDs        : CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777
                     CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2781
                     CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785
                     CVE-2006-2786 CVE-2006-2787
    CERT advisories: VU#237257 VU#243153 VU#421529 VU#466673 VU#575969
    BugTraq ID     : 18228
    Several security related problems have been discovered in Mozilla
    which are also present in Mozilla Thunderbird.  The Common
    Vulnerabilities and Exposures project identifies the following
        Eric Foley discovered that a user can be tricked to expose a local
        file to a remote attacker by displaying a local file as image in
        connection with other vulnerabilities.  [MFSA-2006-39]
        XUL attributes are associated with the wrong URL under certain
        circumstances, which might allow remote attackers to bypass
        restrictions.  [MFSA-2006-35]
        Paul Nickerson discovered that content-defined setters on an
        object prototype were getting called by privileged user interface
        code, and "moz_bug_r_a4" demonstrated that the higher privilege
        level could be passed along to the content-defined attack code.
        A vulnerability allows remote attackers to execute arbitrary code
        and create notifications that are executed in a privileged
        context.  [MFSA-2006-43]
        Mikolaj Habryn a buffer overflow in the crypto.signText function
        that allows remote attackers to execute arbitrary code via certain
        optional Certificate Authority name arguments.  [MFSA-2006-38]
        Mozilla team members discovered several crashes during testing of
        the browser engine showing evidence of memory corruption which may
        also lead to the execution of arbitrary code.  This problem has
        only partially been corrected.  [MFSA-2006-32]
        An integer overflow allows remote attackers to cause a denial of
        service and may permit the execution of arbitrary code.
        Masatoshi Kimura discovered a double-free vulnerability that
        allows remote attackers to cause a denial of service and possibly
        execute arbitrary code via a VCard.  [MFSA-2006-40]
        Chuck McAuley discovered that a text input box can be pre-filled
        with a filename and then turned into a file-upload control,
        allowing a malicious website to steal any local file whose name
        they can guess.  [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729]
        Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM)
        is stripped from UTF-8 pages during the conversion to Unicode
        before the parser sees the web page, which allows remote attackers
        to conduct cross-site scripting (XSS) attacks.  [MFSA-2006-42]
        Paul Nickerson discovered that the fix for CAN-2005-0752 can be
        bypassed using nested javascript: URLs, allowing the attacker to
        execute privileged code.  [MFSA-2005-34, MFSA-2006-36]
        Paul Nickerson demonstrated that if an attacker could convince a
        user to right-click on a broken image and choose "View Image" from
        the context menu then he could get JavaScript to
        run.  [MFSA-2006-34]
        Kazuho Oku discovered that Mozilla's lenient handling of HTTP
        header syntax may allow remote attackers to trick the browser to
        interpret certain responses as if they were responses from two
        different sites.  [MFSA-2006-33]
        The Mozilla researcher "moz_bug_r_a4" discovered that JavaScript
        run via EvalInSandbox can escape the sandbox and gain elevated
        privilege.  [MFSA-2006-31]
    For the stable distribution (sarge) these problems have been fixed in
    version 1.0.2-2.sarge1.0.8a.
    For the unstable distribution (sid) these problems have been fixed in
    version and xulrunner for galeon and epiphany.
    We recommend that you upgrade your Mozilla Thunderbird packages.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
      Source archives:
          Size/MD5 checksum:      999 a7547d54f6c987d16db915709bc5fe44
          Size/MD5 checksum:   453026 eb2d71ba5d15fe803784950a13a47563
          Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4
      Alpha architecture:
          Size/MD5 checksum: 12842296 fa614356eb934f90ae45fa3ed9dd1539
          Size/MD5 checksum:  3278130 4cb654733bfccea8cd3c0df00b5def8c
          Size/MD5 checksum:   151082 c07a4daabd1c05a637520f9a094dc074
          Size/MD5 checksum:    32502 80579d205020032c49770ce3fc7141f6
          Size/MD5 checksum:    88350 3b3e525e54326e8e2d9af8b69904c3a8
      AMD64 architecture:
          Size/MD5 checksum: 12251804 deb4396f8cd09c132ff78052ff534f8a
          Size/MD5 checksum:  3279014 7d2f64aba52ea20a7b8cf16a66fff252
          Size/MD5 checksum:   150050 77fdbefdcd0aedbdbccac24e7c81f943
          Size/MD5 checksum:    32488 867701a09fd5bbac7acc1865fbe064b8
          Size/MD5 checksum:    88190 5bdde29214cc86cf4340ed9dd43c68d3
      ARM architecture:
          Size/MD5 checksum: 10339868 a60a1c13491b2a0771c8e3517cd25dd8
          Size/MD5 checksum:  3270162 22724283f230b50cf6a173520c420fc1
          Size/MD5 checksum:   142198 7008892dc0bb9bca14978a7e1f09fde9
          Size/MD5 checksum:    32512 3ac5306abd8ecbdd9ba981df3d61db68
          Size/MD5 checksum:    80218 5514acae240f08b8a061176131d2fdb8
      Intel IA-32 architecture:
          Size/MD5 checksum: 11565160 23e9aaa2f8f1a62bf43efb7bc815fdcf
          Size/MD5 checksum:  3506098 169af4eda4ae283d48a0b1523b05bdd7
          Size/MD5 checksum:   145716 e63141ba6a893db986bd0e9cbcc575e9
          Size/MD5 checksum:    32480 2d23870e404431d77f83601ec81a7fda
          Size/MD5 checksum:    86962 ea63c9a6e99a6895ad7eb1fe70363b22
      Intel IA-64 architecture:
          Size/MD5 checksum: 14618962 f0ae93cc731f61beb0599fac54445460
          Size/MD5 checksum:  3290490 2d16d23f8042bad1273b992861011349
          Size/MD5 checksum:   154412 1b39804a27f4b7dae90e92d7a39d4bb9
          Size/MD5 checksum:    32490 818339f4a6d9e98182975f9d1a834939
          Size/MD5 checksum:   106058 6b1214ef1b42a53af54389da726fd478
      HP Precision architecture:
          Size/MD5 checksum: 13561594 b7eb45b4c8829370a58b2d870021024e
          Size/MD5 checksum:  3283714 f65b93a3a73a3dfc62d6f024c259a1db
          Size/MD5 checksum:   152280 06e23e82444cacea77afdc87699f5773
          Size/MD5 checksum:    32496 06a10d18ef8a1bc84b89b3cc50e8cad5
          Size/MD5 checksum:    96308 076063aee6cf91541585b08fdf73a801
      Motorola 680x0 architecture:
          Size/MD5 checksum: 10786352 e5c9c4cb536f92fc2cab024541460b8f
          Size/MD5 checksum:  3269592 909c5464deba45d965f5a0612f04becd
          Size/MD5 checksum:   143968 6e45eef4d3241039abe41a638e9f34df
          Size/MD5 checksum:    32522 494885109459853538c84e47c21635ec
          Size/MD5 checksum:    81442 c978cb34ab778b06385814cd4ad51056
      Big endian MIPS architecture:
          Size/MD5 checksum: 11941536 ddf753469c129bf3fd2681a9bbc5e81a
          Size/MD5 checksum:  3277166 1f3efa2d140a400ad98b73ba33f6e35c
          Size/MD5 checksum:   146966 a5e221ce8c30ee3a12c1a3d6603c52dd
          Size/MD5 checksum:    32496 05e84094b89573c4aafac9b414bb0d34
          Size/MD5 checksum:    83704 a1006bc20c63a7d51607cc3249a88677
      Little endian MIPS architecture:
          Size/MD5 checksum: 11806560 dccdeef719f40ee45b6ea11a2e1d5675
          Size/MD5 checksum:  3278332 12657ea860ed91f17750e30458526dc9
          Size/MD5 checksum:   146522 b528200933d5bcb366959bfb21015b1b
          Size/MD5 checksum:    32496 5956a48e052e31695346398197734eef
          Size/MD5 checksum:    83552 a0a0035eadfb314ebd90a21f4e888275
      PowerPC architecture:
          Size/MD5 checksum: 10903816 1590ee6c726500d5cb4f037d29e0a8f8
          Size/MD5 checksum:  3268272 67789b6af42f2b76d578377cc4ff9f3d
          Size/MD5 checksum:   144024 3617dbb5b65f5c1d4317b09626f0be5f
          Size/MD5 checksum:    32500 5807e7e4389796a8dd1b79c9ae07f051
          Size/MD5 checksum:    80232 5f4d117d2108a7c0ab683e6b2756a701
      IBM S/390 architecture:
          Size/MD5 checksum: 12697106 ba9085a2f7203579f62e288e3f1dd7ee
          Size/MD5 checksum:  3278522 7b17ff2d80845368acdf7263c1affc50
          Size/MD5 checksum:   150324 943c02d94e672ec2fe94c1303ee2679d
          Size/MD5 checksum:    32484 2cbf34e4da8492fe773465378e069ca6
          Size/MD5 checksum:    88194 e7ccfa32631e9acd0e96146f9c49a176
      Sun Sparc architecture:
          Size/MD5 checksum: 11167620 d493999d1fe3f28b0adef98731003ad7
          Size/MD5 checksum:  3273616 2e75bfd4a38e0e92de802c7ed5560f90
          Size/MD5 checksum:   143680 402f90dc28004eb5c6777d1e13946c55
          Size/MD5 checksum:    32500 0534fcca42cbc508c633ec090b875bb1
          Size/MD5 checksum:    82040 ca4a06228ba6980a44b8df8c37b94b0c
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


    LinuxSecurity Poll

    Which aspect of server security are you most interested in learning more about?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"131","title":"Preventing information leakage","votes":"2","type":"x","order":"1","pct":100,"resources":[]},{"id":"132","title":"Firewall considerations","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"133","title":"Permissions ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.