
Fedora Core 3: 2005-604 Critical: Mozilla Thunderbird Email Exploit

fedora
July 20, 2005
Resolving several issues in Thunderbird on Fedora Core 3, bolstering email security to defend against diverse threats.
Fix various security related bugs.

Summary

Mozilla Thunderbird is a standalone mail and newsgroup client.


A bug was found in the way Thunderbird handled anonymous functions during regular expression string replacement. It is possible for a malicious HTML mail to capture a random block of client memory. The Common Vulnerabilities and Exposures project has assigned this bug the name CAN-2005-0989.

A bug was found in the way Thunderbird validated several XPInstall-related JavaScript objects. A malicious HTML mail could pass other objects to the XPInstall objects, resulting in the JavaScript interpreter jumping to arbitrary locations in memory. (CAN-2005-1159)

A bug was found in the way the Thunderbird privileged UI code handled DOM nodes from the content window. An HTML message could install malicious JavaScript code or steal data when a user performs commonplace actions such as clicking a link or opening the context menu. (CAN-2005-1160)

A bug was found in the way Thunderbird executed JavaScript code. JavaScript executed from HTML mail should run with a restricted access level, preventing dangerous actions. It is possible that a malicious HTML mail could execute JavaScript code with elevated privileges, allowing access to protected data and functions. (CAN-2005-1532)

A bug was found in the way Thunderbird executed JavaScript in XBL controls. It is possible for a malicious HTML mail to leverage this vulnerability to execute other JavaScript-based attacks even when JavaScript is disabled. (CAN-2005-2261)

A bug was found in the way Thunderbird handled certain JavaScript functions. It is possible for a malicious HTML mail to crash the client by executing malformed JavaScript code. (CAN-2005-2265)

A bug was found in the way Thunderbird handled child frames. It is possible for a malicious framed HTML mail to steal sensitive information from its parent frame. (CAN-2005-2266)

A bug was found in the way Thunderbird handled DOM node names. It is possible for a malicious HTML mail to overwrite a DOM node name, allowing certain privileged chrome actions to execute the malicious JavaScript. (CAN-2005-2269)

A bug was found in the way Thunderbird cloned base objects. It is possible for HTML content to navigate up the prototype chain to gain access to privileged chrome objects. (CAN-2005-2270)

Users of Thunderbird are advised to upgrade to this updated package that contains Thunderbird version 1.0.6 and is not vulnerable to these issues.

- Update to 1.0.6
* Mon Jul 18 2005 Christopher Aillon 1.0.6-0.1.fc3
- 1.0.6 Release Candidate

e060dd6ce427541531cc40c28a678643 SRPMS/thunderbird-1.0.6-1.1.fc3.src.rpm
617b9df6931ff067e896d29399849df0 x86_64/thunderbird-1.0.6-1.1.fc3.x86_64.rpm
8bcb33b02ad164e499e4109dc6909caa x86_64/debug/thunderbird-debuginfo-1.0.6-1.1.fc3.x86_64.rpm
2781375f4ff5c6280692d573787f5064 i386/thunderbird-1.0.6-1.1.fc3.i386.rpm
774d64ba857b9c430c3ae87471bc68f6 i386/debug/thunderbird-debuginfo-1.0.6-1.1.fc3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

fedora-announce-list@redhat.com


Severity: critical

Name: thunderbird
Version: 1.0.6
Release: 1.1.fc3
Summary: Mozilla Thunderbird mail/newsgroup client
