<<< Date Index >>>     <<< Thread Index >>>

[USN-297-3] Thunderbird vulnerabilities



=========================================================== 
Ubuntu Security Notice USN-297-3              July 26, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779,
CVE-2006-2780, CVE-2006-2781, CVE-2006-2783, CVE-2006-2784,
CVE-2006-2787
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  mozilla-thunderbird                      1.0.8-0ubuntu05.04.1

Ubuntu 5.10:
  mozilla-thunderbird                      1.0.8-0ubuntu05.10.2

After a standard system upgrade you need to restart Thunderbird to
effect the necessary changes.

Details follow:

USN-297-1 fixed several vulnerabilities in Thunderbird for the Ubuntu
6.06 LTS release. This update provides the corresponding fixes for
Ubuntu 5.04 and Ubuntu 5.10.

For reference, these are the details of the original USN:

  Jonas Sicking discovered that under some circumstances persisted XUL
  attributes are associated with the wrong URL. A malicious web site
  could exploit this to execute arbitrary code with the privileges of
  the user. (MFSA 2006-35, CVE-2006-2775)

  Paul Nickerson discovered that content-defined setters on an object
  prototype were getting called by privileged UI code. It was
  demonstrated that this could be exploited to run arbitrary web
  script with full user privileges (MFSA 2006-37, CVE-2006-2776).

  Mikolaj Habryn discovered a buffer overflow in the crypto.signText()
  function. By sending an email with malicious JavaScript to an user,
  and that user enabled JavaScript in Thunderbird (which is not the
  default and not recommended), this could potentially be exploited to
  execute arbitrary code with the user's privileges. (MFSA 2006-38,
  CVE-2006-2778)

  The Mozilla developer team discovered several bugs that lead to
  crashes with memory corruption. These might be exploitable by
  malicious web sites to execute arbitrary code with the privileges of
  the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780)

  Masatoshi Kimura discovered a memory corruption (double-free) when
  processing a large VCard with invalid base64 characters in it. By
  sending a maliciously crafted set of VCards to a user, this could
  potentially be exploited to execute arbitrary code with the user's
  privileges. (MFSA 2006-40, CVE-2006-2781)

  Masatoshi Kimura found a way to bypass web input sanitizers which
  filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)'
  characters into the HTML code (e. g. '<scr[BOM]ipt>'), these filters
  might not recognize the tags anymore; however, Thunderbird would
  still execute them since BOM markers are filtered out before
  processing a mail containing JavaScript. (MFSA 2006-42,
  CVE-2006-2783)

  Kazuho Oku discovered various ways to perform HTTP response
  smuggling when used with certain proxy servers. Due to different
  interpretation of nonstandard HTTP headers in Thunderbird and the
  proxy server, a malicious HTML email can exploit this to send back
  two responses to one request. The second response could be used to
  steal login cookies or other sensitive data from another opened web
  site. (MFSA 2006-33, CVE-2006-2786)

  It was discovered that JavaScript run via EvalInSandbox() can escape
  the sandbox. Malicious scripts received in emails containing
  JavaScript could use these privileges to execute arbitrary code with
  the user's privileges. (MFSA 2006-31, CVE-2006-2787)


Updated packages for Ubuntu 5.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.04.1.diff.gz
      Size/MD5:    98300 a4dffa1705bd280224188e7bbc7781dd
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.04.1.dsc
      Size/MD5:      946 7eebd4d62af685dd0ce74d5ff741c92c
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8.orig.tar.gz
      Size/MD5: 32849510 ae345f1b722d8f3a977af4fd358d27b0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.04.1_amd64.deb
      Size/MD5:  3347854 519c296b742dc6e6d5c308b0b6c5a433
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.04.1_amd64.deb
      Size/MD5:   145244 9a8d5c4ade62afdb187022df1b188099
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.04.1_amd64.deb
      Size/MD5:    27718 aa28f71d2133d0810bbf166d86c68dc7
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.04.1_amd64.deb
      Size/MD5:    82728 55ede40f0e71d287cfabe73492b3a71a
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.04.1_amd64.deb
      Size/MD5: 11959242 c6acc1fa0785193f037fb35a14f7505e

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.04.1_i386.deb
      Size/MD5:  3341642 18916c1156df514eb6b538ec63737a8d
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.04.1_i386.deb
      Size/MD5:   140326 b2f8c499a4b160e6131d2fb2278e54b5
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.04.1_i386.deb
      Size/MD5:    27724 6bab59d8db842eee01a411c256b64cd8
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.04.1_i386.deb
      Size/MD5:    80468 114885d918a10761414adafc506be2e5
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.04.1_i386.deb
      Size/MD5: 10911294 67ab1c44fe9a3d164e0c79755365e2bf

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.04.1_powerpc.deb
      Size/MD5:  3337162 85e96f1fe254dc69170d3fc814110cd2
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   139122 0ac4864a4c69045c43b37aad80f3336d
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.04.1_powerpc.deb
      Size/MD5:    27732 b4103fcdfef1107966f21b8a857dc01f
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.04.1_powerpc.deb
      Size/MD5:    74682 8f14928b2be37c12e205be1389749e0d
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.04.1_powerpc.deb
      Size/MD5: 10453746 f728c125a4ccf1d556ffd9cc39539055

Updated packages for Ubuntu 5.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.10.2.diff.gz
      Size/MD5:   100417 c3f0f93e338ff900b5ccec2515d0c43b
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.10.2.dsc
      Size/MD5:      919 5945fce5d3140112099d74b56537666b
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8.orig.tar.gz
      Size/MD5: 32849510 ae345f1b722d8f3a977af4fd358d27b0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.10.2_amd64.deb
      Size/MD5:  3294738 7340b5b39e4954d5c6284e04229e6632
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.10.2_amd64.deb
      Size/MD5:   146796 030b130217cd4b0cec9fd2e0c5239a0d
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.10.2_amd64.deb
      Size/MD5:    28266 11631a9ac55712b21a03470fe424e480
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.10.2_amd64.deb
      Size/MD5:    86278 4059ff0cb8da24cbd92d72accd3f2d67
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.10.2_amd64.deb
      Size/MD5: 11977184 6d77be91b8c0e9b06cf0cec0c8483998

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.10.2_i386.deb
      Size/MD5:  3288954 2ced47739fac731f7347e497492df79e
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.10.2_i386.deb
      Size/MD5:   140348 f8b1ccb61ef81ba4b583f10369b82aee
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.10.2_i386.deb
      Size/MD5:    28262 ed05e4d9845d11e42062acd9d79e3a3b
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.10.2_i386.deb
      Size/MD5:    77656 586525c74b61275a49b3f91a549c31b4
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.10.2_i386.deb
      Size/MD5: 10380218 64dc49a7e9e75326164ca589aad327f1

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.10.2_powerpc.deb
      Size/MD5:  3286824 49338b4f633089ec3119f8a341992751
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.10.2_powerpc.deb
      Size/MD5:   140438 401fc8d07b433ac4d71a9a37c9f086a7
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.10.2_powerpc.deb
      Size/MD5:    28272 900eb236bc7e85f4d99177f12d0084f4
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.10.2_powerpc.deb
      Size/MD5:    77364 c7b1e38a5d83594885bbeb987b477865
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.10.2_powerpc.deb
      Size/MD5: 10489086 b2665fa914781ad11bf4e826c5825a1a

  sparc architecture (Sun SPARC/UltraSPARC)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.10.2_sparc.deb
      Size/MD5:  3286920 dd3b7e55abd608360b81e0db14b4376f
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.10.2_sparc.deb
      Size/MD5:   138920 2709c330b93517f8dfa3676ee1f2aa92
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.10.2_sparc.deb
      Size/MD5:    28268 feba2248d1093bed5fa21f463a8ea3a0
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.10.2_sparc.deb
      Size/MD5:    75314 d609546dfa5ff12c5e5c4a0e33efbf34
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.10.2_sparc.deb
      Size/MD5: 10165076 b9aaeb254fb107435156f01d70b64e9e

Attachment: signature.asc
Description: Digital signature