========================================================== Ubuntu Security Notice USN-157-1 August 01, 2005 mozilla-thunderbird vulnerabilities CAN-2005-0989, CAN-2005-1159, CAN-2005-1160, CAN-2005-1532, CAN-2005-2261, CAN-2005-2265, CAN-2005-2269, CAN-2005-2270, CAN-2005-2353 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: mozilla-thunderbird mozilla-thunderbird-enigmail The problem can be corrected by upgrading the affected package to version 1.0.6-0ubuntu04.10 (for Ubuntu 4.10), or 1.0.6-0ubuntu05.04 (for Ubuntu 5.04). You need to restart Thunderbird after a standard system upgrade to effect the necessary changes. The current Enigmail plugin is not compatible any more with the Thunderbird version shipped in this security update, so the mozilla-thunderbird-enigmail package needs to be updated as well. An update is already available for Ubuntu 5.04, and will be delivered shortly for Ubuntu 4.10. Details follow: Vladimir V. Perepelitsa discovered a bug in Thunderbird's handling of anonymous functions during regular expression string replacement. A malicious HTML email could exploit this to capture a random block of client memory. (CAN-2005-0989) Georgi Guninski discovered that the types of certain XPInstall related JavaScript objects were not sufficiently validated when they were called. This could be exploited by malicious HTML email content to crash Thunderbird or even execute arbitrary code with the privileges of the user. (CAN-2005-1159) Thunderbird did not properly verify the values of XML DOM nodes. By tricking the user to perform a common action like clicking on a link or opening the context menu, a malicious HTML email could exploit this to execute arbitrary JavaScript code with the full privileges of the user. (CAN-2005-1160) A variant of the attack described in CAN-2005-1160 (see USN-124-1) was discovered. Additional checks were added to make sure Javascript eval and script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them. (CAN-2005-1532) Scripts in XBL controls from web content continued to be run even when Javascript was disabled. This could be combined with most script-based exploits to attack people running vulnerable versions who thought disabling Javascript would protect them. (CAN-2005-2261) The function for version comparison in the addons installer did not properly verify the type of its argument. By passing specially crafted Javascript objects to it, a malicious web site could crash Thunderbird and possibly even execute arbitrary code with the privilege of the user account Thunderbird runs in. (CAN-2005-2265) The XHTML DOM node handler did not take namespaces into account when verifying node types based on their names. For example, an XHTML email could contain an <IMG> tag with malicious contents, which would then be processed as the standard trusted HTML <img> tag. By tricking an user to view a malicious email, this could be exploited to execute attacker-specified code with the full privileges of the user. (CAN-2005-2269) It was discovered that some objects were not created appropriately. This allowed malicious web content scripts to trace back the creation chain until they found a privileged object and execute code with higher privileges than allowed by the current site. (CAN-2005-2270) Javier Fernández-Sanguino Peña discovered that the run-mozilla.sh script created temporary files in an unsafe way when running with 'debugging' enabled. This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program. (CAN-2005-2353) The update for Ubuntu 4.10 (Warty Warthog) also fixes several less critical vulnerabilities which are not present in the Ubuntu 5.04 version. (MFSA-2005-02 to MFSA-2005-30; please see the following web site for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html). We apologize for the huge delay of this update; we changed our update strategy for Mozilla products to make sure that such long delays will not happen again. Updated packages for Ubuntu 4.10 (Warty Warthog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-0ubuntu04.10.diff.gz Size/MD5: 73508 3648c2252f6267d642c8f4e28a14eba0 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-0ubuntu04.10.dsc Size/MD5: 942 867a7864f0bce2639df4684bd264ddb9 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6.orig.tar.gz Size/MD5: 32933620 c28fc1fd78785b5264e9830b7be6f8ea amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.6-0ubuntu04.10_amd64.deb Size/MD5: 3344106 f3e52ae8a21f37b046d7f1d7c8c8776d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.6-0ubuntu04.10_amd64.deb Size/MD5: 143406 49e86c62f34f5b46b844b1af6f76808e http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.6-0ubuntu04.10_amd64.deb Size/MD5: 25942 451b04d908aec8843b4b37832c197e12 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.6-0ubuntu04.10_amd64.deb Size/MD5: 81002 1f9589f00acb7223f6f1d320caa077ac http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-0ubuntu04.10_amd64.deb Size/MD5: 12259022 1e3eb1a83028b876b942ffa2a4ec8595 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.6-0ubuntu04.10_i386.deb Size/MD5: 3337680 42e0747a2281c452f9b89bc0f45da1f5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.6-0ubuntu04.10_i386.deb Size/MD5: 138492 b2e5a5ac934afe676fcf7e8ab9890107 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.6-0ubuntu04.10_i386.deb Size/MD5: 25940 94f40b33202345a7977168122a9f2aec http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.6-0ubuntu04.10_i386.deb Size/MD5: 78654 83cc69b58e9fcce92223df5e3f717928 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-0ubuntu04.10_i386.deb Size/MD5: 11341380 e57d9774c4d491dcf15f09f7889a6868 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.6-0ubuntu04.10_powerpc.deb Size/MD5: 3333202 62649be791c6c27e1245edc1abdc344f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.6-0ubuntu04.10_powerpc.deb Size/MD5: 137268 17d462bac0e43a5094ed2656ca67258f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.6-0ubuntu04.10_powerpc.deb Size/MD5: 25950 aabf2e2ec761f74d8b6758fa98c1eae5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.6-0ubuntu04.10_powerpc.deb Size/MD5: 72786 f5504ecf5cd74fb8b926192cbf0491a1 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-0ubuntu04.10_powerpc.deb Size/MD5: 10895290 69091f41e3b7cf59717a267b6dea4148 Updated packages for Ubuntu 5.04 (Hoary Hedgehog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-0ubuntu05.04.diff.gz Size/MD5: 73461 0610e558ba5530b59a0575738270f399 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-0ubuntu05.04.dsc Size/MD5: 942 4c1ccd87b48a5e989791954098936cac http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6.orig.tar.gz Size/MD5: 32933620 c28fc1fd78785b5264e9830b7be6f8ea http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92-1ubuntu05.04.1.diff.gz Size/MD5: 16763 a7d37dbf6abe3da411d00a41cf7c8be8 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92-1ubuntu05.04.1.dsc Size/MD5: 892 04380200e70d9eeadab664cee6b1aa54 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92.orig.tar.gz Size/MD5: 2038607 c79925633b9e01fa6737d75c2e7acb89 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.6-0ubuntu05.04_amd64.deb Size/MD5: 3343822 a828df1aa118849e7e9d63c2118b83a8 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.6-0ubuntu05.04_amd64.deb Size/MD5: 143386 d78c19acd6f77728eb517704b0770964 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.6-0ubuntu05.04_amd64.deb Size/MD5: 25884 60e3dca0c27325ef255349c889d9844f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.6-0ubuntu05.04_amd64.deb Size/MD5: 80856 f9d7cb1e18baf01c68fd8ba2a595870f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-0ubuntu05.04_amd64.deb Size/MD5: 11951990 f906f7738c3b5903b1a97658938fb9c0 http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enigmail_0.92-1ubuntu05.04.1_amd64.deb Size/MD5: 326858 a37b7fda2c560db461a58771c88bac50 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.92-1ubuntu05.04.1_amd64.deb Size/MD5: 332886 4bfd8408209d22717d1a50bb5e87e889 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.6-0ubuntu05.04_i386.deb Size/MD5: 3337242 fb47f26776929bb06b2b383f546117e6 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.6-0ubuntu05.04_i386.deb Size/MD5: 138448 4d99616e765e8e37282b02ace2441764 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.6-0ubuntu05.04_i386.deb Size/MD5: 25880 1de7833deb71b5fc3cc08dd1798f31e8 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.6-0ubuntu05.04_i386.deb Size/MD5: 78606 108f78054cd910e1fe7c45440a2c7f79 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-0ubuntu05.04_i386.deb Size/MD5: 10900596 2ca9e53c1bccf81a0ded54d781f892fe http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enigmail_0.92-1ubuntu05.04.1_i386.deb Size/MD5: 310612 afc30570ec061c922eca7a9146a12e1b http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.92-1ubuntu05.04.1_i386.deb Size/MD5: 318236 5573e6d012fe8f02e82c8e05ee10f011 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.6-0ubuntu05.04_powerpc.deb Size/MD5: 3332996 50dafdc24c84117e7210a27537df7c00 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.6-0ubuntu05.04_powerpc.deb Size/MD5: 137202 354b6bd41029419af278dbb632625716 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.6-0ubuntu05.04_powerpc.deb Size/MD5: 25886 633f6cff231f58e05fa0374dc649a44c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.6-0ubuntu05.04_powerpc.deb Size/MD5: 72806 dfdea066f335c2b06b69603a4e5c7b8c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-0ubuntu05.04_powerpc.deb Size/MD5: 10446774 8d2b97d79de43e1b90af04f37c39b44b http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enigmail_0.92-1ubuntu05.04.1_powerpc.deb Size/MD5: 312922 2e8d1c56e024dac9c5a532c6ddb43fd7 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.92-1ubuntu05.04.1_powerpc.deb Size/MD5: 320004 310cbc9849405f67c7d5d214afaf1dfd
Attachment:
signature.asc
Description: Digital signature