Linux Security

    Debian: Mozilla Thunderbird fix several vulnerabilities DSA-1051-1

    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1051-1                                       Martin Schulze
    May 4th, 2006                 
    - --------------------------------------------------------------------------
    Package        : mozilla-thunderbird
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE IDs        : CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293
                     CVE-2006-0296 CVE-2006-0748 CVE-2006-0749 CVE-2006-0884
                     CVE-2006-1045 CVE-2006-1529 CVE-2006-1530 CVE-2006-1531
                     CVE-2006-1723 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728
                     CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1733
                     CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737
                     CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741
                     CVE-2006-1742 CVE-2006-1790
    CERT advisories: VU#179014 VU#252324 VU#329500 VU#350262 VU#488774 VU#492382
                     VU#592425 VU#736934 VU#813230 VU#842094 VU#932734 VU#935556
    BugTraq IDs    : 15773 16476 16476 16770 16881 17516
    Several security related problems have been discovered in Mozilla
    Thunderbird.  The Common Vulnerabilities and Exposures project
    identifies the following vulnerabilities:
        The "" script allows local users to create or
        overwrite arbitrary files when debugging is enabled via a symlink
        attack on temporary files.
        Web pages with extremely long titles cause subsequent launches of
        the browser to appear to "hang" for up to a few minutes, or even
        crash if the computer has insufficient memory.  [MFSA-2006-03]
        The Javascript interpreter does not properly dereference objects,
        which allows remote attackers to cause a denial of service or
        execute arbitrary code.  [MFSA-2006-01]
        The function allocation code allows attackers to cause a denial of
        service and possibly execute arbitrary code.  [MFSA-2006-01]
        XULDocument.persist() did not validate the attribute name,
        allowing an attacker to inject arbitrary XML and JavaScript code
        into localstore.rdf that would be read and acted upon during
        startup.  [MFSA-2006-05]
        An anonymous researcher for TippingPoint and the Zero Day
        Initiative reported that an invalid and nonsensical ordering of
        table-related tags can be exploited to execute arbitrary code.
        A particular sequence of HTML tags can cause memory corruption
        that can be exploited to execute arbitrary code.  [MFSA-2006-18]
        Georgi Guninski reports that forwarding mail in-line while using
        the default HTML "rich mail" editor will execute JavaScript
        embedded in the e-mail message with full privileges of the client.
        The HTML rendering engine does not properly block external images
        from inline HTML attachments when "Block loading of remote images
        in mail messages" is enabled, which could allow remote attackers
        to obtain sensitive information.  [MFSA-2006-26]
        A vulnerability potentially allows remote attackers to cause a
        denial of service and possibly execute arbitrary code.  [MFSA-2006-20]
        A vulnerability potentially allows remote attackers to cause a
        denial of service and possibly execute arbitrary code.  [MFSA-2006-20]
        A vulnerability potentially allows remote attackers to cause a
        denial of service and possibly execute arbitrary code.  [MFSA-2006-20]
        A vulnerability potentially allows remote attackers to cause a
        denial of service and possibly execute arbitrary code.  [MFSA-2006-20]
        A vulnerability potentially allows remote attackers to cause a
        denial of service and possibly execute arbitrary code.  [MFSA-2006-20]
        Georgi Guninski reported two variants of using scripts in an XBL
        control to gain chrome privileges when the page is viewed under
        "Print Preview".  [MFSA-2006-25]
        "shutdown" discovered that the crypto.generateCRMFRequest method
        can be used to run arbitrary code with the privilege of the user
        running the browser, which could enable an attacker to install
        malware.  [MFSA-2006-24]
        Claus Jørgensen reported that a text input box can be pre-filled
        with a filename and then turned into a file-upload control,
        allowing a malicious website to steal any local file whose name
        they can guess.  [MFSA-2006-23]
        An anonymous researcher for TippingPoint and the Zero Day
        Initiative discovered an integer overflow triggered by the CSS
        letter-spacing property, which could be exploited to execute
        arbitrary code.  [MFSA-2006-22]
        "moz_bug_r_a4" discovered that some internal functions return
        prototypes instead of objects, which allows remote attackers to
        conduct cross-site scripting attacks.  [MFSA-2006-19]
        "shutdown" discovered that it is possible to bypass same-origin
        protections, allowing a malicious site to inject script into
        content from another site, which could allow the malicious page to
        steal information such as cookies or passwords from the other
        site, or perform transactions on the user's behalf if the user
        were already logged in.  [MFSA-2006-17]
        "moz_bug_r_a4" discovered that the compilation scope of privileged
        built-in XBL bindings is not fully protected from web content and
        can still be executed which could be used to execute arbitrary
        JavaScript, which could allow an attacker to install malware such
        as viruses and password sniffers.  [MFSA-2006-16]
        "shutdown" discovered that it is possible to access an internal
        function object which could then be used to run arbitrary
        JavaScript code with full permissions of the user running the
        browser, which could be used to install spyware or viruses.
        It is possible to create JavaScript functions that would get
        compiled with the wrong privileges, allowing an attacker to run
        code of their choice with full permissions of the user running the
        browser, which could be used to install spyware or viruses.
        It is possible to trick users into downloading and saving an
        executable file via an image that is overlaid by a transparent
        image link that points to the executable.  [MFSA-2006-13]
        An integer overflow allows remote attackers to cause a denial of
        service and possibly execute arbitrary bytecode via JavaScript
        with a large regular expression.  [MFSA-2006-11]
        An unspecified vulnerability allows remote attackers to cause a
        denial of service.  [MFSA-2006-11]
        Certain Cascading Style Sheets (CSS) can cause an out-of-bounds
        array write and buffer overflow that could lead to a denial of
        service and the possible execution of arbitrary code.  [MFSA-2006-11]
        It is possible for remote attackers to spoof secure site
        indicators such as the locked icon by opening the trusted site in
        a popup window, then changing the location to a malicious site.
        "shutdown" discovered that it is possible to inject arbitrary
        JavaScript code into a page on another site using a modal alert to
        suspend an event handler while a new page is being loaded.  This
        could be used to steal confidential information.  [MFSA-2006-09]
        Igor Bukanov discovered that the JavaScript engine does not
        properly handle temporary variables, which might allow remote
        attackers to trigger operations on freed memory and cause memory
        corruption.  [MFSA-2006-10]
        A regression fix that could lead to memory corruption allows
        remote attackers to cause a denial of service and possibly execute
        arbitrary code.  [MFSA-2006-11]
    For the stable distribution (sarge) these problems have been fixed in
    version 1.0.2-2.sarge1.0.8.
    For the unstable distribution (sid) these problems have been fixed in
    version of thunderbird.
    We recommend that you upgrade your Mozilla Thunderbird packages.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
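    As an added example (not part of the Debian advisory): a POSIX shell helper that checks a downloaded .deb against the Size/MD5 pair the advisory publishes before `dpkg -i` is run, and uses dpkg's own version ordering to tell whether an installed Thunderbird is still older than the fixed sarge version 1.0.2-2.sarge1.0.8. The names `verify_deb` and `needs_upgrade` are hypothetical, and the file used in the demo is constructed, not a real package.

```shell
#!/bin/sh
# Added example, not from the advisory: verify a downloaded package
# against the advisory's Size/MD5 line before installing it, and check
# whether the installed version is still below the fixed version.
FIXED_VERSION="1.0.2-2.sarge1.0.8"   # fixed sarge version from the advisory

# verify_deb FILE EXPECTED_SIZE EXPECTED_MD5
# Returns 0 only when both the byte count and the MD5 match; the size
# check is cheap and catches truncated downloads before hashing.
verify_deb() {
    file=$1; want_size=$2; want_md5=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    have_size=$(wc -c < "$file" | tr -d ' ')
    have_md5=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch for $file: $have_size != $want_size" >&2
        return 1
    fi
    if [ "$have_md5" != "$want_md5" ]; then
        echo "md5 mismatch for $file" >&2
        return 1
    fi
    return 0
}

# needs_upgrade INSTALLED_VERSION
# Uses dpkg's version comparison so "1.0.2-2.sarge1" correctly sorts
# before "1.0.2-2.sarge1.0.8"; returns 0 when an upgrade is required.
needs_upgrade() {
    dpkg --compare-versions "$1" lt "$FIXED_VERSION"
}

# Demo on a constructed file ("hello\n": 6 bytes, known MD5).
tmp=$(mktemp)
printf 'hello\n' > "$tmp"
verify_deb "$tmp" 6 b1946ac92492d2347c6235b4d2611184 && echo "checksum ok, safe to dpkg -i"
verify_deb "$tmp" 6 0327b5d56178e6045be49e9b78c60b76 || echo "rejected: hash differs from advisory"
rm -f "$tmp"
if command -v dpkg >/dev/null 2>&1; then
    needs_upgrade 1.0.2-2.sarge1 && echo "1.0.2-2.sarge1 is still vulnerable"
fi
```

On a real system the size and hash arguments come from the advisory's Size/MD5 line for the architecture you downloaded; a mismatch should abort the upgrade rather than be ignored.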
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main