Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Fedora: FEDORA-2006-789 Severe: Thunderbird JavaScript Exploits

fedora
Calendar Grey July 20, 2005
Dist Fedora Esm H88
This patch resolves key vulnerabilities in Firefox, improving defense against cross-site scripting threats and buffer overflow attacks.
Fix various security related bugs.

Summary

Mozilla Thunderbird is a standalone mail and newsgroup client.

Mozilla Thunderbird is a standalone mail and newsgroup client.

A bug was found in the way Thunderbird handled anonymous functions during

regular expression string replacement. It is possible for a malicious HTML

mail to capture a random block of client memory. The Common

Vulnerabilities and Exposures project has assigned this bug the name

CAN-2005-0989.

A bug was found in the way Thunderbird validated several XPInstall related

JavaScript objects. A malicious HTML mail could pass other objects to the

XPInstall objects, resulting in the JavaScript interpreter jumping to

arbitrary locations in memory. (CAN-2005-1159)

A bug was found in the way the Thunderbird privileged UI code handled DOM

nodes from the content window. An HTML message could install malicious

JavaScript code or steal data when a user performs commonplace actions such

as clicking a link or opening the context menu. (CAN-2005-1160)

A bug was found in the way Thunderbird executed JavaScript code. JavaScript

executed from HTML mail should run with a restricted access level,

preventing dangerous actions. It is possible that a malicious HTML mail

could execute JavaScript code with elevated privileges, allowing access to

protected data and functions. (CAN-2005-1532)

A bug was found in the way Thunderbird executed Javascript in XBL controls.

It is possible for a malicious HTML mail to leverage this vulnerability to

execute other JavaScript based attacks even when JavaScript is disabled.

(CAN-2005-2261)

A bug was found in the way Thunderbird handled certain Javascript

functions. It is possible for a malicious HTML mail to crash the client by

executing malformed Javascript code. (CAN-2005-2265)

A bug was found in the way Thunderbird handled child frames. It is possible

for a malicious framed HTML mail to steal sensitive information from its

parent frame. (CAN-2005-2266)

A bug was found in the way Thunderbird handled DOM node names. It is

possible for a malicious HTML mail to overwrite a DOM node name, allowing

certain privileged chrome actions to execute the malicious JavaScript.

(CAN-2005-2269)

A bug was found in the way Thunderbird cloned base objects. It is possible

for HTML content to navigate up the prototype chain to gain access to

privileged chrome objects. (CAN-2005-2270)

Users of Thunderbird are advised to upgrade to this updated package that

contains Thunderbird version 1.0.6 and is not vulnerable to these issues.

- Update to 1.0.6

* Mon Jul 18 2005 Christopher Aillon 1.0.6-0.1.fc4

- 1.0.6 Release Candidate

51f614a0a887ffb58ce6bbf4f4eb7431 SRPMS/thunderbird-1.0.6-1.1.fc4.src.rpm

fc206b1fd0dccb15da66b2fe3b272175 ppc/thunderbird-1.0.6-1.1.fc4.ppc.rpm

0b94083b2f2415f84069e30c20742ec1 ppc/debug/thunderbird-debuginfo-1.0.6-1.1.fc4.ppc.rpm

38da7902f6e1bcfc45ef688e04a770e8 x86_64/thunderbird-1.0.6-1.1.fc4.x86_64.rpm

1a6bbee24e0559176e19ba1218d91e02 x86_64/debug/thunderbird-debuginfo-1.0.6-1.1.fc4.x86_64.rpm

f858562b2d77180acb6d40022fe1c3cd i386/thunderbird-1.0.6-1.1.fc4.i386.rpm

90cba454ded9c8d4e049262abdea64d2 i386/debug/thunderbird-debuginfo-1.0.6-1.1.fc4.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list@redhat.com

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Name: thunderbird
Version: 1.0.6
Release: 1.1.fc4
Summary: Mozilla Thunderbird mail/newsgroup client

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here