-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1051-1                    security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
May 4th, 2006                           http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-thunderbird
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293
                 CVE-2006-0296 CVE-2006-0748 CVE-2006-0749 CVE-2006-0884
                 CVE-2006-1045 CVE-2006-1529 CVE-2006-1530 CVE-2006-1531
                 CVE-2006-1723 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728
                 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1733
                 CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737
                 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741
                 CVE-2006-1742 CVE-2006-1790
CERT advisories: VU#179014 VU#252324 VU#329500 VU#350262 VU#488774
                 VU#492382 VU#592425 VU#736934 VU#813230 VU#842094
                 VU#932734 VU#935556
BugTraq IDs    : 15773 16476 16476 16770 16881 17516

Several security related problems have been discovered in Mozilla
Thunderbird.  The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:

CVE-2005-2353

    The "run-mozilla.sh" script allows local users to create or
    overwrite arbitrary files when debugging is enabled via a symlink
    attack on temporary files.

CVE-2005-4134

    Web pages with extremely long titles cause subsequent launches of
    the browser to appear to "hang" for up to a few minutes, or even
    crash if the computer has insufficient memory.  [MFSA-2006-03]

CVE-2006-0292

    The JavaScript interpreter does not properly dereference objects,
    which allows remote attackers to cause a denial of service or
    execute arbitrary code.  [MFSA-2006-01]

CVE-2006-0293

    The function allocation code allows attackers to cause a denial of
    service and possibly execute arbitrary code.  [MFSA-2006-01]

CVE-2006-0296

    XULDocument.persist() did not validate the attribute name,
    allowing an attacker to inject arbitrary XML and JavaScript code
    into localstore.rdf that would be read and acted upon during
    startup.  [MFSA-2006-05]

CVE-2006-0748

    An anonymous researcher for TippingPoint and the Zero Day
    Initiative reported that an invalid and nonsensical ordering of
    table-related tags can be exploited to execute arbitrary code.
    [MFSA-2006-27]

CVE-2006-0749

    A particular sequence of HTML tags can cause memory corruption
    that can be exploited to execute arbitrary code.  [MFSA-2006-18]

CVE-2006-0884

    Georgi Guninski reports that forwarding mail in-line while using
    the default HTML "rich mail" editor will execute JavaScript
    embedded in the e-mail message with full privileges of the client.
    [MFSA-2006-21]

CVE-2006-1045

    The HTML rendering engine does not properly block external images
    from inline HTML attachments when "Block loading of remote images
    in mail messages" is enabled, which could allow remote attackers
    to obtain sensitive information.  [MFSA-2006-26]

CVE-2006-1529

    A vulnerability potentially allows remote attackers to cause a
    denial of service and possibly execute arbitrary code.
    [MFSA-2006-20]

CVE-2006-1530

    A vulnerability potentially allows remote attackers to cause a
    denial of service and possibly execute arbitrary code.
    [MFSA-2006-20]

CVE-2006-1531

    A vulnerability potentially allows remote attackers to cause a
    denial of service and possibly execute arbitrary code.
    [MFSA-2006-20]

CVE-2006-1723

    A vulnerability potentially allows remote attackers to cause a
    denial of service and possibly execute arbitrary code.
    [MFSA-2006-20]

CVE-2006-1724

    A vulnerability potentially allows remote attackers to cause a
    denial of service and possibly execute arbitrary code.
    [MFSA-2006-20]

CVE-2006-1727

    Georgi Guninski reported two variants of using scripts in an XBL
    control to gain chrome privileges when the page is viewed under
    "Print Preview".  [MFSA-2006-25]

CVE-2006-1728

    "shutdown" discovered that the crypto.generateCRMFRequest method
    can be used to run arbitrary code with the privilege of the user
    running the browser, which could enable an attacker to install
    malware.  [MFSA-2006-24]

CVE-2006-1729

    Claus Jørgensen reported that a text input box can be pre-filled
    with a filename and then turned into a file-upload control,
    allowing a malicious website to steal any local file whose name
    they can guess.  [MFSA-2006-23]

CVE-2006-1730

    An anonymous researcher for TippingPoint and the Zero Day
    Initiative discovered an integer overflow triggered by the CSS
    letter-spacing property, which could be exploited to execute
    arbitrary code.  [MFSA-2006-22]

CVE-2006-1731

    "moz_bug_r_a4" discovered that some internal functions return
    prototypes instead of objects, which allows remote attackers to
    conduct cross-site scripting attacks.  [MFSA-2006-19]

CVE-2006-1732

    "shutdown" discovered that it is possible to bypass same-origin
    protections, allowing a malicious site to inject script into
    content from another site, which could allow the malicious page to
    steal information such as cookies or passwords from the other
    site, or perform transactions on the user's behalf if the user
    were already logged in.  [MFSA-2006-17]

CVE-2006-1733

    "moz_bug_r_a4" discovered that the compilation scope of privileged
    built-in XBL bindings is not fully protected from web content and
    can still be executed, which could be used to execute arbitrary
    JavaScript and could allow an attacker to install malware such as
    viruses and password sniffers.  [MFSA-2006-16]

CVE-2006-1734

    "shutdown" discovered that it is possible to access an internal
    function object which could then be used to run arbitrary
    JavaScript code with full permissions of the user running the
    browser, which could be used to install spyware or viruses.
    [MFSA-2006-15]

CVE-2006-1735

    It is possible to create JavaScript functions that would get
    compiled with the wrong privileges, allowing an attacker to run
    code of their choice with full permissions of the user running the
    browser, which could be used to install spyware or viruses.
    [MFSA-2006-14]

CVE-2006-1736

    It is possible to trick users into downloading and saving an
    executable file via an image that is overlaid by a transparent
    image link that points to the executable.  [MFSA-2006-13]

CVE-2006-1737

    An integer overflow allows remote attackers to cause a denial of
    service and possibly execute arbitrary bytecode via JavaScript
    with a large regular expression.  [MFSA-2006-11]

CVE-2006-1738

    An unspecified vulnerability allows remote attackers to cause a
    denial of service.  [MFSA-2006-11]

CVE-2006-1739

    Certain Cascading Style Sheets (CSS) can cause an out-of-bounds
    array write and buffer overflow that could lead to a denial of
    service and the possible execution of arbitrary code.
    [MFSA-2006-11]

CVE-2006-1740

    It is possible for remote attackers to spoof secure site
    indicators such as the locked icon by opening the trusted site in
    a popup window, then changing the location to a malicious site.
    [MFSA-2006-12]

CVE-2006-1741

    "shutdown" discovered that it is possible to inject arbitrary
    JavaScript code into a page on another site using a modal alert to
    suspend an event handler while a new page is being loaded.  This
    could be used to steal confidential information.  [MFSA-2006-09]

CVE-2006-1742

    Igor Bukanov discovered that the JavaScript engine does not
    properly handle temporary variables, which might allow remote
    attackers to trigger operations on freed memory and cause memory
    corruption.  [MFSA-2006-10]

CVE-2006-1790

    A regression fix that could lead to memory corruption allows
    remote attackers to cause a denial of service and possibly execute
    arbitrary code.
    [MFSA-2006-11]

For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-2.sarge1.0.8.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.0.2-1 of thunderbird.

We recommend that you upgrade your Mozilla Thunderbird packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEWbk2W5ql+IAeqTIRAq/CAJ9uKbZsW70eiVPzhZzKIHx4BJrhmQCdFRMv
nMPPOXb1A+ldZAOtytVNiDo=
=NaAq
-----END PGP SIGNATURE-----
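
Added example, not part of the advisory or of Debian's own tooling: a fleet check that flags sarge hosts whose mozilla-thunderbird is still below the fixed version 1.0.2-2.sarge1.0.8 named above, using the Debian version ordering (epoch, upstream version, revision) rather than string comparison. The inventory format, the host names and every sample version other than the fixed one are constructed for illustration.

```python
import re

FIXED_SARGE = "1.0.2-2.sarge1.0.8"   # fixed version for sarge, from the advisory
PACKAGE = "mozilla-thunderbird"

def _order(ch):
    """Sort weight of one non-digit character; end of string counts as 0."""
    if ch == "~":
        return -1                    # tilde sorts before everything, even the end
    return ord(ch) if ch.isalpha() else ord(ch) + 256   # letters before symbols

def _cmp_fragment(a, b):
    """Compare two upstream or revision strings, alternating non-digit/digit runs."""
    while a or b:
        na = re.match(r"[^0-9]*", a).group()
        nb = re.match(r"[^0-9]*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for k in range(max(len(na), len(nb))):
            oa = _order(na[k]) if k < len(na) else 0
            ob = _order(nb[k]) if k < len(nb) else 0
            if oa != ob:
                return -1 if oa < ob else 1
        da = re.match(r"[0-9]*", a).group()
        db = re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        ia, ib = int(da or 0), int(db or 0)   # digit runs compare numerically
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")   # revision follows the last '-'
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)

def unpatched(inventory, fixed=FIXED_SARGE):
    """Hosts whose PACKAGE version is older than the fixed version."""
    hits = []
    for line in inventory.strip().splitlines():
        host, pkg, ver = line.split()
        if pkg == PACKAGE and compare(ver, fixed) < 0:
            hits.append(host)
    return hits

# Constructed inventory: "<host> <package> <version>", one line per host.
SAMPLE = """
mail01 mozilla-thunderbird 1.0.2-2
mail02 mozilla-thunderbird 1.0.2-2.sarge1.0.7
mail03 mozilla-thunderbird 1.0.2-2.sarge1.0.8
mail04 mozilla-thunderbird 1.0.2-2.sarge1.0.10
mail05 mutt 1.5.9-2
"""

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

A plain string comparison would wrongly report mail04 as unpatched, because "1.0.10" sorts before "1.0.8" lexically. On a Debian host itself, `dpkg --compare-versions` performs the same comparison.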