USN-157-1: Mozilla Thunderbird vulnerabilities
Posted on: 08/01/2005 03:16 AM

A Mozilla Thunderbird security update has been released for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-157-1 August 01, 2005
mozilla-thunderbird vulnerabilities
CAN-2005-0989, CAN-2005-1159, CAN-2005-1160, CAN-2005-1532,
CAN-2005-2261, CAN-2005-2265, CAN-2005-2269, CAN-2005-2270,
CAN-2005-2353
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mozilla-thunderbird
mozilla-thunderbird-enigmail

The problem can be corrected by upgrading the affected package to version 1.0.6-0ubuntu04.10 (for Ubuntu 4.10), or 1.0.6-0ubuntu05.04 (for Ubuntu 5.04). You need to restart Thunderbird after a standard system upgrade to effect the necessary changes.

The current Enigmail plugin is not compatible any more with the Thunderbird version shipped in this security update, so the mozilla-thunderbird-enigmail package needs to be updated as well. An update is already available for Ubuntu 5.04, and will be delivered shortly for Ubuntu 4.10.

Details follow:

Vladimir V. Perepelitsa discovered a bug in Thunderbird's handling of anonymous functions during regular expression string replacement. A malicious HTML email could exploit this to capture a random block of client memory. (CAN-2005-09 89)

Georgi Guninski discovered that the types of certain XPInstall related JavaScript objects were not sufficiently validated when they were called. T
his could be exploited by malicious HTML email content to crash Thunderbird or even execute arbitrary code with the privileges of the user. (CAN-2005-1159)

Thunderbird did not properly verify the values of XML DOM nodes. By tricki
ng the user to perform a common action like clicking on a link or opening the context menu, a malicious HTML email could exploit this to execute arbitrary JavaScript code with the full privileges of the user. (CAN-2005-1160)

A variant of the attack described in CAN-2005-1160 (see USN-124-1) was discovered. Additional checks were added to make sure Javascript eval and script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them. (CAN-2005-1532)

Scripts in XBL controls from web content continued to be run even when Javascript was disabled. This could be combined with most script-based exploits to attack people running vulnerable versions who thought disabling Javascript would protect them. (CAN-2005-2261)

The function for version comparison in the addons installer did not properly verify the type of its argument. By passing specially crafted Javascript objects to it, a malicious web site could crash Thunderbird and possibly even execute arbitrary code with the privilege of the user account Thunderbird runs in. (CAN-2005-2265)

The XHTML DOM node handler did not take namespaces into account when verify ingnode types based on their names. For example, an XHTML email could contain an lt;IMGgt; tag with malicious contents, which would then be processed as the standard trusted HTML lt;imggt; tag. By tricking an user to view a malicious email, this could be exploited to execute attacker-specified code with the full privileges of the user. (CAN-2005-2269)

It was discovered that some objects were not created appropriately. This allowed malicious web content scripts to trace back the creation chain until they found a privileged object and execute code with higher privileges than allowed by the current site. (CAN-2005-2270)

Javier Fernendez-Sanguino Pefa discovered that the run-mozilla.sh script created temporary files in an unsafe way when running with 'debugging' enabled. This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program. (CAN-2005-2353)

The update for Ubuntu 4.10 (Warty Warthog) also fixes several less critical vulnerabilities which are not present in the Ubuntu 5.04 version. (MFSA-2005-02 to MFSA-2005-30; please see the following web site for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html).
We apologize for the huge delay of this update; we changed our update strategy for Mozilla products to make sure that such long delays will not happen again.


Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird_1.0.6-0ubuntu04.10.diff.gz
Size/MD5: 73508 3648c2252f6267d642c8f4e28a14eba0
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird_1.0.6-0ubuntu04.10.dsc
Size/MD5: 942 867a7864f0bce2639df4684bd264ddb9
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird_1.0.6.orig.tar.gz
Size/MD5: 32933620 c28fc1fd78785b5264e9830b7be6f8ea

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-dev_1.0.6-0ubuntu04.10_amd64.deb
Size/MD5: 3344106 f3e52ae8a21f37b046d7f1d7c8c8776d
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-inspector_1.0.6-0ubuntu04.10_amd64.deb
Size/MD5: 143406 49e86c62f34f5b46b844b1af6f76808e
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-offline_1.0.6-0ubuntu04.10_amd64.deb
Size/MD5: 25942 451b04d908aec8843b4b37832c197e12
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-typeaheadfind_1.0.6-0ubuntu04.10_amd64.deb
Size/MD5: 81002 1f9589f00acb7223f6f1d320caa077ac
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird_1.0.6-0ubuntu04.10_amd64.deb
Size/MD5: 12259022 1e3eb1a83028b876b942ffa2a4ec8595

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-dev_1.0.6-0ubuntu04.10_i386.deb
Size/MD5: 3337680 42e0747a2281c452f9b89bc0f45da1f5
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-inspector_1.0.6-0ubuntu04.10_i386.deb
Size/MD5: 138492 b2e5a5ac934afe676fcf7e8ab9890107
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-offline_1.0.6-0ubuntu04.10_i386.deb
Size/MD5: 25940 94f40b33202345a7977168122a9f2aec
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-typeaheadfind_1.0.6-0ubuntu04.10_i386.deb
Size/MD5: 78654 83cc69b58e9fcce92223df5e3f717928
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird_1.0.6-0ubuntu04.10_i386.deb
Size/MD5: 11341380 e57d9774c4d491dcf15f09f7889a6868

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-dev_1.0.6-0ubuntu04.10_powerpc.deb
Size/MD5: 3333202 62649be791c6c27e1245edc1abdc344f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-inspector_1.0.6-0ubuntu04.10_powerpc.deb
Size/MD5: 137268 17d462bac0e43a5094ed2656ca67258f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-offline_1.0.6-0ubuntu04.10_powerpc.deb
Size/MD5: 25950 aabf2e2ec761f74d8b6758fa98c1eae5
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-typeaheadfind_1.0.6-0ubuntu04.10_powerpc.deb
Size/MD5: 72786 f5504ecf5cd74fb8b926192cbf0491a1
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird_1.0.6-0ubuntu04.10_powerpc.deb
Size/MD5: 10895290 69091f41e3b7cf59717a267b6dea4148

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird_1.0.6-0ubuntu05.04.diff.gz
Size/MD5: 73461 0610e558ba5530b59a0575738270f399
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird_1.0.6-0ubuntu05.04.dsc
Size/MD5: 942 4c1ccd87b48a5e989791954098936cac
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird_1.0.6.orig.tar.gz
Size/MD5: 32933620 c28fc1fd78785b5264e9830b7be6f8ea
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92-1u
buntu05.04.1.diff.gz
Size/MD5: 16763 a7d37dbf6abe3da411d00a41cf7c8be8
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92-1u
buntu05.04.1.dsc
Size/MD5: 892 04380200e70d9eeadab664cee6b1aa54
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92.or
ig.tar.gz
Size/MD5: 2038607 c79925633b9e01fa6737d75c2e7acb89

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-dev_1.0.6-0ubuntu05.04_amd64.deb
Size/MD5: 3343822 a828df1aa118849e7e9d63c2118b83a8
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-inspector_1.0.6-0ubuntu05.04_amd64.deb
Size/MD5: 143386 d78c19acd6f77728eb517704b0770964
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-offline_1.0.6-0ubuntu05.04_amd64.deb
Size/MD5: 25884 60e3dca0c27325ef255349c889d9844f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-typeaheadfind_1.0.6-0ubuntu05.04_amd64.deb
Size/MD5: 80856 f9d7cb1e18baf01c68fd8ba2a595870f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird_1.0.6-0ubuntu05.04_amd64.deb
Size/MD5: 11951990 f906f7738c3b5903b1a97658938fb9c0
http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enig
mail_0.92-1ubuntu05.04.1_amd64.deb
Size/MD5: 326858 a37b7fda2c560db461a58771c88bac50
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderb
ird-enigmail_0.92-1ubuntu05.04.1_amd64.deb
Size/MD5: 332886 4bfd8408209d22717d1a50bb5e87e889

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-dev_1.0.6-0ubuntu05.04_i386.deb
Size/MD5: 3337242 fb47f26776929bb06b2b383f546117e6
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-inspector_1.0.6-0ubuntu05.04_i386.deb
Size/MD5: 138448 4d99616e765e8e37282b02ace2441764
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-offline_1.0.6-0ubuntu05.04_i386.deb
Size/MD5: 25880 1de7833deb71b5fc3cc08dd1798f31e8
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-typeaheadfind_1.0.6-0ubuntu05.04_i386.deb
Size/MD5: 78606 108f78054cd910e1fe7c45440a2c7f79
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird_1.0.6-0ubuntu05.04_i386.deb
Size/MD5: 10900596 2ca9e53c1bccf81a0ded54d781f892fe
http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enig
mail_0.92-1ubuntu05.04.1_i386.deb
Size/MD5: 310612 afc30570ec061c922eca7a9146a12e1b
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderb
ird-enigmail_0.92-1ubuntu05.04.1_i386.deb
Size/MD5: 318236 5573e6d012fe8f02e82c8e05ee10f011

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-dev_1.0.6-0ubuntu05.04_powerpc.deb
Size/MD5: 3332996 50dafdc24c84117e7210a27537df7c00
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-inspector_1.0.6-0ubuntu05.04_powerpc.deb
Size/MD5: 137202 354b6bd41029419af278dbb632625716
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-offline_1.0.6-0ubuntu05.04_powerpc.deb
Size/MD5: 25886 633f6cff231f58e05fa0374dc649a44c
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird-typeaheadfind_1.0.6-0ubuntu05.04_powerpc.deb
Size/MD5: 72806 dfdea066f335c2b06b69603a4e5c7b8c
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozil
la-thunderbird_1.0.6-0ubuntu05.04_powerpc.deb
Size/MD5: 10446774 8d2b97d79de43e1b90af04f37c39b44b
http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enig
mail_0.92-1ubuntu05.04.1_powerpc.deb
Size/MD5: 312922 2e8d1c56e024dac9c5a532c6ddb43fd7
http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderb
ird-enigmail_0.92-1ubuntu05.04.1_powerpc.deb
Size/MD5: 320004 310cbc9849405f67c7d5d214afaf1dfd


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_157_1_mozilla_thunderbird_vulnerabilities.html)