Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Linux :: Ubuntu :: va2226.htm

Thunderbird vulnerabilities

Thunderbird vulnerabilities
Thunderbird vulnerabilities

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================Ubuntu Security Notice USN-701-2           January 06, 2009
mozilla-thunderbird vulnerabilities
CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507,
CVE-2008-5508, CVE-2008-5511, CVE-2008-5512
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:

After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.

Details follow:

Several flaws were discovered in the browser engine. If a user had Javascript
enabled, these problems could allow an attacker to crash Thunderbird and
possibly execute arbitrary code with user privileges. (CVE-2008-5500)

Boris Zbarsky discovered that the same-origin check in Thunderbird could be
bypassed by utilizing XBL-bindings. If a user had Javascript enabled, an
attacker could exploit this to read data from other domains. (CVE-2008-5503)

Marius Schilder discovered that Thunderbird did not properly handle redirects
to an outside domain when an XMLHttpRequest was made to a same-origin resource.
When Javascript is enabled, it's possible that sensitive information could be
revealed in the XMLHttpRequest response. (CVE-2008-5506)

Chris Evans discovered that Thunderbird did not properly protect a user's data
when accessing a same-domain Javascript URL that is redirected to an unparsable
Javascript off-site resource. If a user were tricked into opening a malicious
website and had Javascript enabled, an attacker may be able to steal a limited
amount of private data. (CVE-2008-5507)

Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered
Thunderbird did not properly parse URLs when processing certain control
characters. (CVE-2008-5508)

Several flaws were discovered in the Javascript engine. If a user were tricked
into opening a malicious website and had Javascript enabled, an attacker could
exploit this to execute arbitrary Javascript code within the context of another
website or with chrome privileges. (CVE-2008-5511, CVE-2008-5512)

Updated packages for Ubuntu 6.06 LTS:

  Source archives: 
      Size/MD5:   457871 6708c462f15f2f2a6baff4e29c89f30a 
      Size/MD5:     1050 afa2249f6dc30aab41be123a9dc4ee37 
      Size/MD5: 38496066 4cfc246095c4d0aed823957286b3d78e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon): 
      Size/MD5:  3594116 be08ab02c9d79056d6633df8204ac697 
      Size/MD5:   195036 3388af5706c609fd857af0b4c83baaaf 
      Size/MD5:    60284 e48244b6f33777de63390a186f00a587 
      Size/MD5: 12121434 1874cff31d6f97f46d44b7912d8a209e

  i386 architecture (x86 compatible Intel/AMD): 
      Size/MD5:  3587984 87ca4cd810a3aef5f0031f87fe2b4093 
      Size/MD5:   188476 6067997901bf2298f86f154ed75605de 
      Size/MD5:    55808 9223b79d4b57a4288723fb9247f09016 
      Size/MD5: 10391474 2dae030db3d78d5eeea2d2b262017083

  powerpc architecture (Apple Macintosh G3/G4/G5): 
      Size/MD5:  3593172 2ca154973ea6df8fb00cac0f50e791a8 
      Size/MD5:   191762 81d133d1bfeb70d377692fd49d5ea9c1 
      Size/MD5:    59440 bbc9361554b79c69d08ac62b79508199 
      Size/MD5: 11676430 300ce0fabdf9530f0a4a748755deb9be

  sparc architecture (Sun SPARC/UltraSPARC): 
      Size/MD5:  3589802 4851d549ab3f7b89eb130435941b145a 
      Size/MD5:   189224 6f81dcb50c903107106edf511564f82b 
      Size/MD5:    57298 06ba7f5f613f0d28457ac9c89366e4a5 
      Size/MD5: 10869132 496a8efbcdbdf4e709c58aa4101d2d62

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.9 (GNU/Linux)



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH