[USN-200-1] Thunderbird vulnerabilities

To: ubuntu-security-announce@xxxxxxxxxxxxxxxx
Subject: [USN-200-1] Thunderbird vulnerabilities
From: Martin Pitt <martin.pitt@xxxxxxxxxxxxx>
Date: Tue, 11 Oct 2005 08:00:28 +0200
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mutt/1.5.9i
===========================================================
Ubuntu Security Notice USN-200-1           October 11, 2005
mozilla-thunderbird vulnerabilities
CAN-2005-2701, CAN-2005-2702, CAN-2005-2703, CAN-2005-2704,
CAN-2005-2705, CAN-2005-2706, CAN-2005-2707, CAN-2005-2968
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mozilla-thunderbird

The problem can be corrected by upgrading the affected package to
version 1.0.7-0ubuntu04.10 (for Ubuntu 4.10), or 1.0.7-0ubuntu05.04
(for Ubuntu 5.04).  After a standard system upgrade you need to
restart Thunderbird to effect the necessary changes.

Details follow:

A buffer overflow was discovered in the XBM image handler. By tricking
an user into opening a specially crafted XBM image, an attacker could
exploit this to execute arbitrary code with the user's privileges.
(CAN-2005-2701)

Mats Palmgren discovered a buffer overflow in the Unicode string
parser. Unicode strings that contained "zero-width non-joiner"
characters caused a browser crash, which could possibly even exploited
to execute arbitrary code with the user's privileges.
(CAN-2005-2702)

Georgi Guninski reported an integer overflow in the JavaScript engine.
This could be exploited to run arbitrary code under some conditions.
(CAN-2005-2705)

Peter Zelezny discovered that URLs which are passed to Thunderbird on the
command line are not correctly protected against interpretation by the shell.
If Thunderbird is configured as the default handler for "mailto:"; URLs, this
could be exploited to execute arbitrary code with user privileges by tricking
the user into clicking on a specially crafted URL (for example, in an email or
chat client).  (CAN-2005-2968)

This update also fixes some less critical issues which are described
at http://www.mozilla.org/security/announce/mfsa2005-58.html.
(CAN-2005-2703, CAN-2005-2704, CAN-2005-2706, CAN-2005-2707)

The "enigmail" plugin has been updated to work with the new
Thunderbird and Mozilla versions.

Updated packages for Ubuntu 4.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu04.10.diff.gz
      Size/MD5:    79613 f9bde38c0670fa1425a90cb8ce4b0185
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu04.10.dsc
      Size/MD5:      942 707e6e98a71dee959646fc729323fcf8
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7.orig.tar.gz
      Size/MD5: 32910701 6db01051ce21d9faadd119a1b88383b7
    
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92-1ubuntu04.10.2.diff.gz
      Size/MD5:    17273 13d3e8b980bacb933f76c5705f507af2
    
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92-1ubuntu04.10.2.dsc
      Size/MD5:      892 5072d001bb1b206877d11508a069f13f
    
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92.orig.tar.gz
      Size/MD5:  2038607 c79925633b9e01fa6737d75c2e7acb89

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.7-0ubuntu04.10_amd64.deb
      Size/MD5:  3345028 b04933e0f9cad6333998a0dfae666173
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.7-0ubuntu04.10_amd64.deb
      Size/MD5:   144016 156792439201556a8fd6bf9c1a6d985f
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.7-0ubuntu04.10_amd64.deb
      Size/MD5:    26556 015d82c959ee206ceb2c09220a0fd6f4
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.7-0ubuntu04.10_amd64.deb
      Size/MD5:    81636 f9331c7d54dc993721c18934398732e4
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu04.10_amd64.deb
      Size/MD5: 12260290 5c5df9f4ca8502a0d6d084145989649f
    
http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enigmail_0.92-1ubuntu04.10.2_amd64.deb
      Size/MD5:   326932 eaad6317faffbfe400f49969137b718e
    
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.92-1ubuntu04.10.2_amd64.deb
      Size/MD5:   332914 a523cf68e0f4a123919f160efc27146b

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.7-0ubuntu04.10_i386.deb
      Size/MD5:  3338654 c0abd1899e6a8359a4f6793ccd8ea4af
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.7-0ubuntu04.10_i386.deb
      Size/MD5:   139126 190afe37f6e2da0fa3dc2d8104be281c
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.7-0ubuntu04.10_i386.deb
      Size/MD5:    26552 ab522a27164827f14ef71cb132e290ef
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.7-0ubuntu04.10_i386.deb
      Size/MD5:    79288 0613543b80f24e73e91e5b2e271b62dc
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu04.10_i386.deb
      Size/MD5: 11342604 a55bf50bc133c38da9fb2fd29fcf783d
    
http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enigmail_0.92-1ubuntu04.10.2_i386.deb
      Size/MD5:   310660 3234927815cbf29ba5e185c9b9b95b11
    
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.92-1ubuntu04.10.2_i386.deb
      Size/MD5:   318280 4fd58af2f3741c214b423a5c56574a80

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.7-0ubuntu04.10_powerpc.deb
      Size/MD5:  3333802 030aced3c33f475e172db83e791df525
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.7-0ubuntu04.10_powerpc.deb
      Size/MD5:   137894 2716caa9d79e6eedaaaa2d56a53ddc9a
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.7-0ubuntu04.10_powerpc.deb
      Size/MD5:    26552 d7a3b05a93f84b2a1fc3dbcf088a2639
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.7-0ubuntu04.10_powerpc.deb
      Size/MD5:    73418 03b28536712653dc9394972399121cae
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu04.10_powerpc.deb
      Size/MD5: 10896852 2e40122393db4aec2ecb17758464bd48
    
http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enigmail_0.92-1ubuntu04.10.2_powerpc.deb
      Size/MD5:   312894 b76c35805b1a190d35a82ae36e79faf4
    
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.92-1ubuntu04.10.2_powerpc.deb
      Size/MD5:   320138 603c5ef819898111cc7534c8a2ade052

Updated packages for Ubuntu 5.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu05.04.diff.gz
      Size/MD5:    79568 927f7fb3e2fa0d91e3e2929a3fbb022f
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu05.04.dsc
      Size/MD5:      942 e644b0e7b01047b3014b63fc9a334a45
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7.orig.tar.gz
      Size/MD5: 32910701 6db01051ce21d9faadd119a1b88383b7
    
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92-1ubuntu05.04.2.diff.gz
      Size/MD5:    17263 bc977ffccd94a895507a89fab00c0740
    
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92-1ubuntu05.04.2.dsc
      Size/MD5:      892 8c5e2196917a692743a46aeee4c1742a
    
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92.orig.tar.gz
      Size/MD5:  2038607 c79925633b9e01fa6737d75c2e7acb89

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.7-0ubuntu05.04_amd64.deb
      Size/MD5:  3344886 15f56aecc9a8c76a69479f75f0559ee4
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.7-0ubuntu05.04_amd64.deb
      Size/MD5:   144006 4e60bcf3fb0c32d57a0b24d162feb23a
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.7-0ubuntu05.04_amd64.deb
      Size/MD5:    26524 b2b1b1e7f6b7432c44b9e46f13528d1f
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.7-0ubuntu05.04_amd64.deb
      Size/MD5:    81504 89cfb1ce5708c1c3cf41082bc486c403
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu05.04_amd64.deb
      Size/MD5: 11953616 80eaa1ccacbd8bbc343ed05603431c7b
    
http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enigmail_0.92-1ubuntu05.04.2_amd64.deb
      Size/MD5:   326942 358d55b0964721b909d0a5d1c7f99d41
    
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.92-1ubuntu05.04.2_amd64.deb
      Size/MD5:   332960 91f90a97e9ad7dd36e91daf95d48068a

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.7-0ubuntu05.04_i386.deb
      Size/MD5:  3338534 c23ffedc8034495f9c4b672597b3301c
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.7-0ubuntu05.04_i386.deb
      Size/MD5:   139102 8dfdcc3cecd98f6553c2f6e1294f3131
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.7-0ubuntu05.04_i386.deb
      Size/MD5:    26520 7ddb9e9fa4bd2a4a4b25a74c49fbffea
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.7-0ubuntu05.04_i386.deb
      Size/MD5:    79248 13adc727d9bf951eff938d3c352f7fc9
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu05.04_i386.deb
      Size/MD5: 10901960 96bdb11e0ac8fe09cf83ccc49ae19351
    
http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enigmail_0.92-1ubuntu05.04.2_i386.deb
      Size/MD5:   310688 8513c0c249978caa18d56b2e8a8141be
    
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.92-1ubuntu05.04.2_i386.deb
      Size/MD5:   318308 61e86fa897f1b3a9609769633c63485a

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.7-0ubuntu05.04_powerpc.deb
      Size/MD5:  3333732 d0914dd3b69c3d16e3e5404d8eb69e7b
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.7-0ubuntu05.04_powerpc.deb
      Size/MD5:   137880 9656e69890c3d1abe624e530b1480c25
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.7-0ubuntu05.04_powerpc.deb
      Size/MD5:    26530 d58893a55c9d6da837223e868d2ef523
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.7-0ubuntu05.04_powerpc.deb
      Size/MD5:    73480 52011db0bc524f75ec78f69d1dc2736e
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu05.04_powerpc.deb
      Size/MD5: 10447288 6289932038b021a33926ff180990c755
    
http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enigmail_0.92-1ubuntu05.04.2_powerpc.deb
      Size/MD5:   313004 5174b8c1afd1063b80d638f14d0dfe9c
    
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.92-1ubuntu05.04.2_powerpc.deb
      Size/MD5:   320088 90895e1af1e604ded4ff5e9eb9eec95a
Attachment: signature.asc
Description: Digital signature
Prev by Date: [SECURITY] [DSA 850-1] New tcpdump packages fix denial of service
Next by Date: using php local file include vulnerabilities for command execution
Previous by thread: [SECURITY] [DSA 850-1] New tcpdump packages fix denial of service
Next by thread: using php local file include vulnerabilities for command execution
Index(es):
- Date
- Thread