<<< Date Index >>>     <<< Thread Index >>>

[SECURITY] [DSA 1134-1] New Mozilla Thunderbird packages fix several vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1134-1                    security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
August 2nd, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-thunderbird
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777
                 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2781
                 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785
                 CVE-2006-2786 CVE-2006-2787
CERT advisories: VU#237257 VU#243153 VU#421529 VU#466673 VU#575969
BugTraq ID     : 18228

Several security related problems have been discovered in Mozilla
which are also present in Mozilla Thunderbird.  The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:

CVE-2006-1942

    Eric Foley discovered that a user can be tricked to expose a local
    file to a remote attacker by displaying a local file as image in
    connection with other vulnerabilities.  [MFSA-2006-39]

CVE-2006-2775

    XUL attributes are associated with the wrong URL under certain
    circumstances, which might allow remote attackers to bypass
    restrictions.  [MFSA-2006-35]

CVE-2006-2776

    Paul Nickerson discovered that content-defined setters on an
    object prototype were getting called by privileged user interface
    code, and "moz_bug_r_a4" demonstrated that the higher privilege
    level could be passed along to the content-defined attack code.
    [MFSA-2006-37]

CVE-2006-2777

    A vulnerability allows remote attackers to execute arbitrary code
    and create notifications that are executed in a privileged
    context.  [MFSA-2006-43]

CVE-2006-2778

    Mikolaj Habryn a buffer overflow in the crypto.signText function
    that allows remote attackers to execute arbitrary code via certain
    optional Certificate Authority name arguments.  [MFSA-2006-38]

CVE-2006-2779

    Mozilla team members discovered several crashes during testing of
    the browser engine showing evidence of memory corruption which may
    also lead to the execution of arbitrary code.  This problem has
    only partially been corrected.  [MFSA-2006-32]

CVE-2006-2780

    An integer overflow allows remote attackers to cause a denial of
    service and may permit the execution of arbitrary code.
    [MFSA-2006-32]

CVE-2006-2781

    Masatoshi Kimura discovered a double-free vulnerability that
    allows remote attackers to cause a denial of service and possibly
    execute arbitrary code via a VCard.  [MFSA-2006-40]

CVE-2006-2782

    Chuck McAuley discovered that a text input box can be pre-filled
    with a filename and then turned into a file-upload control,
    allowing a malicious website to steal any local file whose name
    they can guess.  [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729]

CVE-2006-2783

    Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM)
    is stripped from UTF-8 pages during the conversion to Unicode
    before the parser sees the web page, which allows remote attackers
    to conduct cross-site scripting (XSS) attacks.  [MFSA-2006-42]

CVE-2006-2784

    Paul Nickerson discovered that the fix for CAN-2005-0752 can be
    bypassed using nested javascript: URLs, allowing the attacker to
    execute privileged code.  [MFSA-2005-34, MFSA-2006-36]

CVE-2006-2785

    Paul Nickerson demonstrated that if an attacker could convince a
    user to right-click on a broken image and choose "View Image" from
    the context menu then he could get JavaScript to
    run.  [MFSA-2006-34]

CVE-2006-2786

    Kazuho Oku discovered that Mozilla's lenient handling of HTTP
    header syntax may allow remote attackers to trick the browser to
    interpret certain responses as if they were responses from two
    different sites.  [MFSA-2006-33]

CVE-2006-2787

    The Mozilla researcher "moz_bug_r_a4" discovered that JavaScript
    run via EvalInSandbox can escape the sandbox and gain elevated
    privilege.  [MFSA-2006-31]

For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-2.sarge1.0.8a.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.0.4-1 and xulrunner 1.5.0.4-1 for galeon and epiphany.

We recommend that you upgrade your Mozilla Thunderbird packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a.dsc
      Size/MD5 checksum:      999 a7547d54f6c987d16db915709bc5fe44
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a.diff.gz
      Size/MD5 checksum:   453026 eb2d71ba5d15fe803784950a13a47563
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
      Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4

  Alpha architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_alpha.deb
      Size/MD5 checksum: 12842296 fa614356eb934f90ae45fa3ed9dd1539
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_alpha.deb
      Size/MD5 checksum:  3278130 4cb654733bfccea8cd3c0df00b5def8c
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_alpha.deb
      Size/MD5 checksum:   151082 c07a4daabd1c05a637520f9a094dc074
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_alpha.deb
      Size/MD5 checksum:    32502 80579d205020032c49770ce3fc7141f6
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_alpha.deb
      Size/MD5 checksum:    88350 3b3e525e54326e8e2d9af8b69904c3a8

  AMD64 architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_amd64.deb
      Size/MD5 checksum: 12251804 deb4396f8cd09c132ff78052ff534f8a
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_amd64.deb
      Size/MD5 checksum:  3279014 7d2f64aba52ea20a7b8cf16a66fff252
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_amd64.deb
      Size/MD5 checksum:   150050 77fdbefdcd0aedbdbccac24e7c81f943
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_amd64.deb
      Size/MD5 checksum:    32488 867701a09fd5bbac7acc1865fbe064b8
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_amd64.deb
      Size/MD5 checksum:    88190 5bdde29214cc86cf4340ed9dd43c68d3

  ARM architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_arm.deb
      Size/MD5 checksum: 10339868 a60a1c13491b2a0771c8e3517cd25dd8
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_arm.deb
      Size/MD5 checksum:  3270162 22724283f230b50cf6a173520c420fc1
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_arm.deb
      Size/MD5 checksum:   142198 7008892dc0bb9bca14978a7e1f09fde9
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_arm.deb
      Size/MD5 checksum:    32512 3ac5306abd8ecbdd9ba981df3d61db68
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_arm.deb
      Size/MD5 checksum:    80218 5514acae240f08b8a061176131d2fdb8

  Intel IA-32 architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_i386.deb
      Size/MD5 checksum: 11565160 23e9aaa2f8f1a62bf43efb7bc815fdcf
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_i386.deb
      Size/MD5 checksum:  3506098 169af4eda4ae283d48a0b1523b05bdd7
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_i386.deb
      Size/MD5 checksum:   145716 e63141ba6a893db986bd0e9cbcc575e9
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_i386.deb
      Size/MD5 checksum:    32480 2d23870e404431d77f83601ec81a7fda
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_i386.deb
      Size/MD5 checksum:    86962 ea63c9a6e99a6895ad7eb1fe70363b22

  Intel IA-64 architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_ia64.deb
      Size/MD5 checksum: 14618962 f0ae93cc731f61beb0599fac54445460
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_ia64.deb
      Size/MD5 checksum:  3290490 2d16d23f8042bad1273b992861011349
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_ia64.deb
      Size/MD5 checksum:   154412 1b39804a27f4b7dae90e92d7a39d4bb9
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_ia64.deb
      Size/MD5 checksum:    32490 818339f4a6d9e98182975f9d1a834939
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_ia64.deb
      Size/MD5 checksum:   106058 6b1214ef1b42a53af54389da726fd478

  HP Precision architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_hppa.deb
      Size/MD5 checksum: 13561594 b7eb45b4c8829370a58b2d870021024e
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_hppa.deb
      Size/MD5 checksum:  3283714 f65b93a3a73a3dfc62d6f024c259a1db
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_hppa.deb
      Size/MD5 checksum:   152280 06e23e82444cacea77afdc87699f5773
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_hppa.deb
      Size/MD5 checksum:    32496 06a10d18ef8a1bc84b89b3cc50e8cad5
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_hppa.deb
      Size/MD5 checksum:    96308 076063aee6cf91541585b08fdf73a801

  Motorola 680x0 architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_m68k.deb
      Size/MD5 checksum: 10786352 e5c9c4cb536f92fc2cab024541460b8f
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_m68k.deb
      Size/MD5 checksum:  3269592 909c5464deba45d965f5a0612f04becd
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_m68k.deb
      Size/MD5 checksum:   143968 6e45eef4d3241039abe41a638e9f34df
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_m68k.deb
      Size/MD5 checksum:    32522 494885109459853538c84e47c21635ec
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_m68k.deb
      Size/MD5 checksum:    81442 c978cb34ab778b06385814cd4ad51056

  Big endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_mips.deb
      Size/MD5 checksum: 11941536 ddf753469c129bf3fd2681a9bbc5e81a
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_mips.deb
      Size/MD5 checksum:  3277166 1f3efa2d140a400ad98b73ba33f6e35c
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_mips.deb
      Size/MD5 checksum:   146966 a5e221ce8c30ee3a12c1a3d6603c52dd
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_mips.deb
      Size/MD5 checksum:    32496 05e84094b89573c4aafac9b414bb0d34
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_mips.deb
      Size/MD5 checksum:    83704 a1006bc20c63a7d51607cc3249a88677

  Little endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_mipsel.deb
      Size/MD5 checksum: 11806560 dccdeef719f40ee45b6ea11a2e1d5675
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_mipsel.deb
      Size/MD5 checksum:  3278332 12657ea860ed91f17750e30458526dc9
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_mipsel.deb
      Size/MD5 checksum:   146522 b528200933d5bcb366959bfb21015b1b
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_mipsel.deb
      Size/MD5 checksum:    32496 5956a48e052e31695346398197734eef
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_mipsel.deb
      Size/MD5 checksum:    83552 a0a0035eadfb314ebd90a21f4e888275

  PowerPC architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_powerpc.deb
      Size/MD5 checksum: 10903816 1590ee6c726500d5cb4f037d29e0a8f8
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_powerpc.deb
      Size/MD5 checksum:  3268272 67789b6af42f2b76d578377cc4ff9f3d
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_powerpc.deb
      Size/MD5 checksum:   144024 3617dbb5b65f5c1d4317b09626f0be5f
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_powerpc.deb
      Size/MD5 checksum:    32500 5807e7e4389796a8dd1b79c9ae07f051
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_powerpc.deb
      Size/MD5 checksum:    80232 5f4d117d2108a7c0ab683e6b2756a701

  IBM S/390 architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_s390.deb
      Size/MD5 checksum: 12697106 ba9085a2f7203579f62e288e3f1dd7ee
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_s390.deb
      Size/MD5 checksum:  3278522 7b17ff2d80845368acdf7263c1affc50
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_s390.deb
      Size/MD5 checksum:   150324 943c02d94e672ec2fe94c1303ee2679d
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_s390.deb
      Size/MD5 checksum:    32484 2cbf34e4da8492fe773465378e069ca6
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_s390.deb
      Size/MD5 checksum:    88194 e7ccfa32631e9acd0e96146f9c49a176

  Sun Sparc architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_sparc.deb
      Size/MD5 checksum: 11167620 d493999d1fe3f28b0adef98731003ad7
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_sparc.deb
      Size/MD5 checksum:  3273616 2e75bfd4a38e0e92de802c7ed5560f90
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_sparc.deb
      Size/MD5 checksum:   143680 402f90dc28004eb5c6777d1e13946c55
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_sparc.deb
      Size/MD5 checksum:    32500 0534fcca42cbc508c633ec090b875bb1
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_sparc.deb
      Size/MD5 checksum:    82040 ca4a06228ba6980a44b8df8c37b94b0c



  These files will probably be moved into the stable distribution on
  its next update.

- 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE0DxmW5ql+IAeqTIRAsp1AJ97nYmTTJkiBndiQOOgXsV+qpmykACfZJdd
ku2AHbUfjrYfmWIPmbXzCuA=
=Kh5x
-----END PGP SIGNATURE-----