DSA 1134-1: New Mozilla Thunderbird packages fix several vulnerabilities
Posted on: 08/02/2006 07:12 AM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1134-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 2nd, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : mozilla-thunderbird
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777
CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2781
CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785
CVE-2006-2786 CVE-2006-2787
CERT advisories: VU#237257 VU#243153 VU#421529 VU#466673 VU#575969
BugTraq ID : 18228

Several security related problems have been discovered in Mozilla
which are also present in Mozilla Thunderbird. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:

CVE-2006-1942

Eric Foley discovered that a user can be tricked to expose a local
file to a remote attacker by displaying a local file as image in
connection with other vulnerabilities. [MFSA-2006-39]

CVE-2006-2775

XUL attributes are associated with the wrong URL under certain
circumstances, which might allow remote attackers to bypass
restrictions. [MFSA-2006-35]

CVE-2006-2776

Paul Nickerson discovered that content-defined setters on an
object prototype were getting called by privileged user interface
code, and "moz_bug_r_a4" demonstrated that the higher privilege
level could be passed along to the content-defined attack code.
[MFSA-2006-37]

CVE-2006-2777

A vulnerability allows remote attackers to execute arbitrary code
and create notifications that are executed in a privileged
context. [MFSA-2006-43]

CVE-2006-2778

Mikolaj Habryn a buffer overflow in the crypto.signText function
that allows remote attackers to execute arbitrary code via certain
optional Certificate Authority name arguments. [MFSA-2006-38]

CVE-2006-2779

Mozilla team members discovered several crashes during testing of
the browser engine showing evidence of memory corruption which may
also lead to the execution of arbitrary code. This problem has
only partially been corrected. [MFSA-2006-32]

CVE-2006-2780

An integer overflow allows remote attackers to cause a denial of
service and may permit the execution of arbitrary code.
[MFSA-2006-32]

CVE-2006-2781

Masatoshi Kimura discovered a double-free vulnerability that
allows remote attackers to cause a denial of service and possibly
execute arbitrary code via a VCard. [MFSA-2006-40]

CVE-2006-2782

Chuck McAuley discovered that a text input box can be pre-filled
with a filename and then turned into a file-upload control,
allowing a malicious website to steal any local file whose name
they can guess. [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729]

CVE-2006-2783

Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM)
is stripped from UTF-8 pages during the conversion to Unicode
before the parser sees the web page, which allows remote attackers
to conduct cross-site scripting (XSS) attacks. [MFSA-2006-42]

CVE-2006-2784

Paul Nickerson discovered that the fix for CAN-2005-0752 can be
bypassed using nested javascript: URLs, allowing the attacker to
execute privileged code. [MFSA-2005-34, MFSA-2006-36]

CVE-2006-2785

Paul Nickerson demonstrated that if an attacker could convince a
user to right-click on a broken image and choose "View Image" from
the context menu then he could get JavaScript to
run. [MFSA-2006-34]

CVE-2006-2786

Kazuho Oku discovered that Mozilla's lenient handling of HTTP
header syntax may allow remote attackers to trick the browser to
interpret certain responses as if they were responses from two
different sites. [MFSA-2006-33]

CVE-2006-2787

The Mozilla researcher "moz_bug_r_a4" discovered that JavaScript
run via EvalInSandbox can escape the sandbox and gain elevated
privilege. [MFSA-2006-31]

For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-2.sarge1.0.8a.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.0.4-1 and xulrunner 1.5.0.4-1 for galeon and epiphany.

We recommend that you upgrade your Mozilla Thunderbird packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a.dsc
Size/MD5 checksum: 999 a7547d54f6c987d16db915709bc5fe44
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a.diff.gz
Size/MD5 checksum: 453026 eb2d71ba5d15fe803784950a13a47563
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_alpha.deb
Size/MD5 checksum: 12842296 fa614356eb934f90ae45fa3ed9dd1539
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_alpha.deb
Size/MD5 checksum: 3278130 4cb654733bfccea8cd3c0df00b5def8c
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_alpha.deb
Size/MD5 checksum: 151082 c07a4daabd1c05a637520f9a094dc074
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_alpha.deb
Size/MD5 checksum: 32502 80579d205020032c49770ce3fc7141f6
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_alpha.deb
Size/MD5 checksum: 88350 3b3e525e54326e8e2d9af8b69904c3a8

AMD64 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_amd64.deb
Size/MD5 checksum: 12251804 deb4396f8cd09c132ff78052ff534f8a
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_amd64.deb
Size/MD5 checksum: 3279014 7d2f64aba52ea20a7b8cf16a66fff252
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_amd64.deb
Size/MD5 checksum: 150050 77fdbefdcd0aedbdbccac24e7c81f943
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_amd64.deb
Size/MD5 checksum: 32488 867701a09fd5bbac7acc1865fbe064b8
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_amd64.deb
Size/MD5 checksum: 88190 5bdde29214cc86cf4340ed9dd43c68d3

ARM architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_arm.deb
Size/MD5 checksum: 10339868 a60a1c13491b2a0771c8e3517cd25dd8
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_arm.deb
Size/MD5 checksum: 3270162 22724283f230b50cf6a173520c420fc1
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_arm.deb
Size/MD5 checksum: 142198 7008892dc0bb9bca14978a7e1f09fde9
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_arm.deb
Size/MD5 checksum: 32512 3ac5306abd8ecbdd9ba981df3d61db68
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_arm.deb
Size/MD5 checksum: 80218 5514acae240f08b8a061176131d2fdb8

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_i386.deb
Size/MD5 checksum: 11565160 23e9aaa2f8f1a62bf43efb7bc815fdcf
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_i386.deb
Size/MD5 checksum: 3506098 169af4eda4ae283d48a0b1523b05bdd7
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_i386.deb
Size/MD5 checksum: 145716 e63141ba6a893db986bd0e9cbcc575e9
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_i386.deb
Size/MD5 checksum: 32480 2d23870e404431d77f83601ec81a7fda
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_i386.deb
Size/MD5 checksum: 86962 ea63c9a6e99a6895ad7eb1fe70363b22

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_ia64.deb
Size/MD5 checksum: 14618962 f0ae93cc731f61beb0599fac54445460
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_ia64.deb
Size/MD5 checksum: 3290490 2d16d23f8042bad1273b992861011349
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_ia64.deb
Size/MD5 checksum: 154412 1b39804a27f4b7dae90e92d7a39d4bb9
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_ia64.deb
Size/MD5 checksum: 32490 818339f4a6d9e98182975f9d1a834939
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_ia64.deb
Size/MD5 checksum: 106058 6b1214ef1b42a53af54389da726fd478

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_hppa.deb
Size/MD5 checksum: 13561594 b7eb45b4c8829370a58b2d870021024e
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_hppa.deb
Size/MD5 checksum: 3283714 f65b93a3a73a3dfc62d6f024c259a1db
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_hppa.deb
Size/MD5 checksum: 152280 06e23e82444cacea77afdc87699f5773
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_hppa.deb
Size/MD5 checksum: 32496 06a10d18ef8a1bc84b89b3cc50e8cad5
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_hppa.deb
Size/MD5 checksum: 96308 076063aee6cf91541585b08fdf73a801

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_m68k.deb
Size/MD5 checksum: 10786352 e5c9c4cb536f92fc2cab024541460b8f
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_m68k.deb
Size/MD5 checksum: 3269592 909c5464deba45d965f5a0612f04becd
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_m68k.deb
Size/MD5 checksum: 143968 6e45eef4d3241039abe41a638e9f34df
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_m68k.deb
Size/MD5 checksum: 32522 494885109459853538c84e47c21635ec
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_m68k.deb
Size/MD5 checksum: 81442 c978cb34ab778b06385814cd4ad51056

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_mips.deb
Size/MD5 checksum: 11941536 ddf753469c129bf3fd2681a9bbc5e81a
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_mips.deb
Size/MD5 checksum: 3277166 1f3efa2d140a400ad98b73ba33f6e35c
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_mips.deb
Size/MD5 checksum: 146966 a5e221ce8c30ee3a12c1a3d6603c52dd
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_mips.deb
Size/MD5 checksum: 32496 05e84094b89573c4aafac9b414bb0d34
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_mips.deb
Size/MD5 checksum: 83704 a1006bc20c63a7d51607cc3249a88677

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_mipsel.deb
Size/MD5 checksum: 11806560 dccdeef719f40ee45b6ea11a2e1d5675
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_mipsel.deb
Size/MD5 checksum: 3278332 12657ea860ed91f17750e30458526dc9
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_mipsel.deb
Size/MD5 checksum: 146522 b528200933d5bcb366959bfb21015b1b
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_mipsel.deb
Size/MD5 checksum: 32496 5956a48e052e31695346398197734eef
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_mipsel.deb
Size/MD5 checksum: 83552 a0a0035eadfb314ebd90a21f4e888275

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_powerpc.deb
Size/MD5 checksum: 10903816 1590ee6c726500d5cb4f037d29e0a8f8
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_powerpc.deb
Size/MD5 checksum: 3268272 67789b6af42f2b76d578377cc4ff9f3d
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_powerpc.deb
Size/MD5 checksum: 144024 3617dbb5b65f5c1d4317b09626f0be5f
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_powerpc.deb
Size/MD5 checksum: 32500 5807e7e4389796a8dd1b79c9ae07f051
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_powerpc.deb
Size/MD5 checksum: 80232 5f4d117d2108a7c0ab683e6b2756a701

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_s390.deb
Size/MD5 checksum: 12697106 ba9085a2f7203579f62e288e3f1dd7ee
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_s390.deb
Size/MD5 checksum: 3278522 7b17ff2d80845368acdf7263c1affc50
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_s390.deb
Size/MD5 checksum: 150324 943c02d94e672ec2fe94c1303ee2679d
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_s390.deb
Size/MD5 checksum: 32484 2cbf34e4da8492fe773465378e069ca6
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_s390.deb
Size/MD5 checksum: 88194 e7ccfa32631e9acd0e96146f9c49a176

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_sparc.deb
Size/MD5 checksum: 11167620 d493999d1fe3f28b0adef98731003ad7
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_sparc.deb
Size/MD5 checksum: 3273616 2e75bfd4a38e0e92de802c7ed5560f90
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_sparc.deb
Size/MD5 checksum: 143680 402f90dc28004eb5c6777d1e13946c55
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_sparc.deb
Size/MD5 checksum: 32500 0534fcca42cbc508c633ec090b875bb1
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_sparc.deb
Size/MD5 checksum: 82040 ca4a06228ba6980a44b8df8c37b94b0c



These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE0DxmW5ql+IAeqTIRAsp1AJ97nYmTTJkiBndiQOOgXsV+qpmykACfZJdd
ku2AHbUfjrYfmWIPmbXzCuA=
=Kh5x
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1134_1_new_mozilla_thunderbird_packages_fix_several_vulnerabilities.html)