-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1134-1 security@xxxxxxxxxx http://www.debian.org/security/ Martin Schulze August 2nd, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : mozilla-thunderbird Vulnerability : several Problem type : remote Debian-specific: no CVE IDs : CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2781 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787 CERT advisories: VU#237257 VU#243153 VU#421529 VU#466673 VU#575969 BugTraq ID : 18228 Several security related problems have been discovered in Mozilla which are also present in Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-1942 Eric Foley discovered that a user can be tricked to expose a local file to a remote attacker by displaying a local file as image in connection with other vulnerabilities. [MFSA-2006-39] CVE-2006-2775 XUL attributes are associated with the wrong URL under certain circumstances, which might allow remote attackers to bypass restrictions. [MFSA-2006-35] CVE-2006-2776 Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged user interface code, and "moz_bug_r_a4" demonstrated that the higher privilege level could be passed along to the content-defined attack code. [MFSA-2006-37] CVE-2006-2777 A vulnerability allows remote attackers to execute arbitrary code and create notifications that are executed in a privileged context. [MFSA-2006-43] CVE-2006-2778 Mikolaj Habryn a buffer overflow in the crypto.signText function that allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments. [MFSA-2006-38] CVE-2006-2779 Mozilla team members discovered several crashes during testing of the browser engine showing evidence of memory corruption which may also lead to the execution of arbitrary code. This problem has only partially been corrected. [MFSA-2006-32] CVE-2006-2780 An integer overflow allows remote attackers to cause a denial of service and may permit the execution of arbitrary code. [MFSA-2006-32] CVE-2006-2781 Masatoshi Kimura discovered a double-free vulnerability that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a VCard. [MFSA-2006-40] CVE-2006-2782 Chuck McAuley discovered that a text input box can be pre-filled with a filename and then turned into a file-upload control, allowing a malicious website to steal any local file whose name they can guess. [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729] CVE-2006-2783 Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM) is stripped from UTF-8 pages during the conversion to Unicode before the parser sees the web page, which allows remote attackers to conduct cross-site scripting (XSS) attacks. [MFSA-2006-42] CVE-2006-2784 Paul Nickerson discovered that the fix for CAN-2005-0752 can be bypassed using nested javascript: URLs, allowing the attacker to execute privileged code. [MFSA-2005-34, MFSA-2006-36] CVE-2006-2785 Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose "View Image" from the context menu then he could get JavaScript to run. [MFSA-2006-34] CVE-2006-2786 Kazuho Oku discovered that Mozilla's lenient handling of HTTP header syntax may allow remote attackers to trick the browser to interpret certain responses as if they were responses from two different sites. [MFSA-2006-33] CVE-2006-2787 The Mozilla researcher "moz_bug_r_a4" discovered that JavaScript run via EvalInSandbox can escape the sandbox and gain elevated privilege. [MFSA-2006-31] For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.8a. For the unstable distribution (sid) these problems have been fixed in version 1.5.0.4-1 and xulrunner 1.5.0.4-1 for galeon and epiphany. We recommend that you upgrade your Mozilla Thunderbird packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a.dsc Size/MD5 checksum: 999 a7547d54f6c987d16db915709bc5fe44 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a.diff.gz Size/MD5 checksum: 453026 eb2d71ba5d15fe803784950a13a47563 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4 Alpha architecture: http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_alpha.deb Size/MD5 checksum: 12842296 fa614356eb934f90ae45fa3ed9dd1539 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_alpha.deb Size/MD5 checksum: 3278130 4cb654733bfccea8cd3c0df00b5def8c http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_alpha.deb Size/MD5 checksum: 151082 c07a4daabd1c05a637520f9a094dc074 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_alpha.deb Size/MD5 checksum: 32502 80579d205020032c49770ce3fc7141f6 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_alpha.deb Size/MD5 checksum: 88350 3b3e525e54326e8e2d9af8b69904c3a8 AMD64 architecture: http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_amd64.deb Size/MD5 checksum: 12251804 deb4396f8cd09c132ff78052ff534f8a http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_amd64.deb Size/MD5 checksum: 3279014 7d2f64aba52ea20a7b8cf16a66fff252 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_amd64.deb Size/MD5 checksum: 150050 77fdbefdcd0aedbdbccac24e7c81f943 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_amd64.deb Size/MD5 checksum: 32488 867701a09fd5bbac7acc1865fbe064b8 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_amd64.deb Size/MD5 checksum: 88190 5bdde29214cc86cf4340ed9dd43c68d3 ARM architecture: http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_arm.deb Size/MD5 checksum: 10339868 a60a1c13491b2a0771c8e3517cd25dd8 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_arm.deb Size/MD5 checksum: 3270162 22724283f230b50cf6a173520c420fc1 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_arm.deb Size/MD5 checksum: 142198 7008892dc0bb9bca14978a7e1f09fde9 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_arm.deb Size/MD5 checksum: 32512 3ac5306abd8ecbdd9ba981df3d61db68 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_arm.deb Size/MD5 checksum: 80218 5514acae240f08b8a061176131d2fdb8 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_i386.deb Size/MD5 checksum: 11565160 23e9aaa2f8f1a62bf43efb7bc815fdcf http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_i386.deb Size/MD5 checksum: 3506098 169af4eda4ae283d48a0b1523b05bdd7 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_i386.deb Size/MD5 checksum: 145716 e63141ba6a893db986bd0e9cbcc575e9 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_i386.deb Size/MD5 checksum: 32480 2d23870e404431d77f83601ec81a7fda http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_i386.deb Size/MD5 checksum: 86962 ea63c9a6e99a6895ad7eb1fe70363b22 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_ia64.deb Size/MD5 checksum: 14618962 f0ae93cc731f61beb0599fac54445460 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_ia64.deb Size/MD5 checksum: 3290490 2d16d23f8042bad1273b992861011349 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_ia64.deb Size/MD5 checksum: 154412 1b39804a27f4b7dae90e92d7a39d4bb9 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_ia64.deb Size/MD5 checksum: 32490 818339f4a6d9e98182975f9d1a834939 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_ia64.deb Size/MD5 checksum: 106058 6b1214ef1b42a53af54389da726fd478 HP Precision architecture: http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_hppa.deb Size/MD5 checksum: 13561594 b7eb45b4c8829370a58b2d870021024e http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_hppa.deb Size/MD5 checksum: 3283714 f65b93a3a73a3dfc62d6f024c259a1db http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_hppa.deb Size/MD5 checksum: 152280 06e23e82444cacea77afdc87699f5773 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_hppa.deb Size/MD5 checksum: 32496 06a10d18ef8a1bc84b89b3cc50e8cad5 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_hppa.deb Size/MD5 checksum: 96308 076063aee6cf91541585b08fdf73a801 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_m68k.deb Size/MD5 checksum: 10786352 e5c9c4cb536f92fc2cab024541460b8f http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_m68k.deb Size/MD5 checksum: 3269592 909c5464deba45d965f5a0612f04becd http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_m68k.deb Size/MD5 checksum: 143968 6e45eef4d3241039abe41a638e9f34df http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_m68k.deb Size/MD5 checksum: 32522 494885109459853538c84e47c21635ec http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_m68k.deb Size/MD5 checksum: 81442 c978cb34ab778b06385814cd4ad51056 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_mips.deb Size/MD5 checksum: 11941536 ddf753469c129bf3fd2681a9bbc5e81a http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_mips.deb Size/MD5 checksum: 3277166 1f3efa2d140a400ad98b73ba33f6e35c http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_mips.deb Size/MD5 checksum: 146966 a5e221ce8c30ee3a12c1a3d6603c52dd http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_mips.deb Size/MD5 checksum: 32496 05e84094b89573c4aafac9b414bb0d34 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_mips.deb Size/MD5 checksum: 83704 a1006bc20c63a7d51607cc3249a88677 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_mipsel.deb Size/MD5 checksum: 11806560 dccdeef719f40ee45b6ea11a2e1d5675 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_mipsel.deb Size/MD5 checksum: 3278332 12657ea860ed91f17750e30458526dc9 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_mipsel.deb Size/MD5 checksum: 146522 b528200933d5bcb366959bfb21015b1b http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_mipsel.deb Size/MD5 checksum: 32496 5956a48e052e31695346398197734eef http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_mipsel.deb Size/MD5 checksum: 83552 a0a0035eadfb314ebd90a21f4e888275 PowerPC architecture: http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_powerpc.deb Size/MD5 checksum: 10903816 1590ee6c726500d5cb4f037d29e0a8f8 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_powerpc.deb Size/MD5 checksum: 3268272 67789b6af42f2b76d578377cc4ff9f3d http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_powerpc.deb Size/MD5 checksum: 144024 3617dbb5b65f5c1d4317b09626f0be5f http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_powerpc.deb Size/MD5 checksum: 32500 5807e7e4389796a8dd1b79c9ae07f051 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_powerpc.deb Size/MD5 checksum: 80232 5f4d117d2108a7c0ab683e6b2756a701 IBM S/390 architecture: http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_s390.deb Size/MD5 checksum: 12697106 ba9085a2f7203579f62e288e3f1dd7ee http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_s390.deb Size/MD5 checksum: 3278522 7b17ff2d80845368acdf7263c1affc50 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_s390.deb Size/MD5 checksum: 150324 943c02d94e672ec2fe94c1303ee2679d http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_s390.deb Size/MD5 checksum: 32484 2cbf34e4da8492fe773465378e069ca6 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_s390.deb Size/MD5 checksum: 88194 e7ccfa32631e9acd0e96146f9c49a176 Sun Sparc architecture: http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_sparc.deb Size/MD5 checksum: 11167620 d493999d1fe3f28b0adef98731003ad7 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_sparc.deb Size/MD5 checksum: 3273616 2e75bfd4a38e0e92de802c7ed5560f90 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_sparc.deb Size/MD5 checksum: 143680 402f90dc28004eb5c6777d1e13946c55 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_sparc.deb Size/MD5 checksum: 32500 0534fcca42cbc508c633ec090b875bb1 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_sparc.deb Size/MD5 checksum: 82040 ca4a06228ba6980a44b8df8c37b94b0c These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFE0DxmW5ql+IAeqTIRAsp1AJ97nYmTTJkiBndiQOOgXsV+qpmykACfZJdd ku2AHbUfjrYfmWIPmbXzCuA= =Kh5x -----END PGP SIGNATURE-----
