The UNIX and Linux Forums  
Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.

Go Back   The UNIX and Linux Forums > Special Forums > Security > Security Advisories (RSS)
USN-668-1: Thunderbird vulnerabilities USN-668-1: Thunderbird vulnerabilities
.
google unix.com

Forums Register Forum RulesLinksAlbums FAQ Members List Calendar Search Today's Posts Mark Forums Read


Security Advisories (RSS) UNIX and Linux Security Advisories Via RSS News

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
USN-647-1: Thunderbird vulnerabilities iBot Security Advisories (RSS) 0 09-25-2008 11:50 PM
USN-629-1: Thunderbird vulnerabilities iBot Security Advisories (RSS) 0 07-25-2008 01:10 AM
USN-605-1: Thunderbird vulnerabilities iBot Security Advisories (RSS) 0 05-06-2008 04:40 PM
USN-582-1: Thunderbird vulnerabilities iBot Security Advisories (RSS) 0 02-29-2008 04:00 PM
Does anyone use Mozilla Thunderbird cnitadesigner UNIX for Dummies Questions & Answers 1 01-05-2005 06:13 PM

 
English Japanese Spanish French German Portuguese Italian Dutch Swedish Russian Norwegian Hungarian Hebrew Danish Bulgarian Greek Powered by Powered by Google
 
LinkBack Thread Tools Search this Thread Rate Thread Display Modes
Prev Previous Post   Next Post Next
  #1 (permalink)  
Old 11-25-2008
iBot's Avatar
iBot iBot is offline
Forum Robot Girl
  
 

Join Date: Sep 2000
Posts: 22,199
USN-668-1: Thunderbird vulnerabilities
Referenced CVEs:
CVE-2008-5012 CVE-2008-5014 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024


Description:
===========================================================Ubuntu Security Notice USN-668-1 November 26, 2008mozilla-thunderbird, thunderbird vulnerabilitiesCVE-2008-5012, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017,CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: mozilla-thunderbird 1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1Ubuntu 7.10: thunderbird 2.0.0.18+nobinonly-0ubuntu0.7.10.1Ubuntu 8.04 LTS: thunderbird 2.0.0.18+nobinonly-0ubuntu0.8.04.1Ubuntu 8.10: thunderbird 2.0.0.18+nobinonly-0ubuntu0.8.10.1After a standard system upgrade you need to restart Thunderbird to effectthe necessary changes.Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origincheck in Thunderbird could be bypassed. If a user were tricked into opening amalicious website, an attacker could obtain private information from datastored in the images, or discover information about software on the user'scomputer. (CVE-2008-5012)Jesse Ruderman discovered that Thunderbird did not properly guard locks onnon-native objects. If a user had JavaScript enabled and were tricked intoopening malicious web content, an attacker could cause a browser crash andpossibly execute arbitrary code with user privileges. (CVE-2008-5014)Several problems were discovered in the browser, layout and JavaScript engines.If a user had JavaScript enabled, these problems could allow an attacker tocrash Thunderbird and possibly execute arbitrary code with user privileges.(CVE-2008-5016, CVE-2008-5017, CVE-2008-5018)A flaw was discovered in Thunderbird's DOM constructing code. If a user weretricked into opening a malicious website while having JavaScript enabled, anattacker could cause the browser to crash and potentially execute arbitrarycode with user privileges. (CVE-2008-5021)It was discovered that the same-origin check in Thunderbird could be bypassed.If a user had JavaScript enabled and were tricked into opening malicious webcontent, an attacker could execute JavaScript in the context of a differentwebsite. (CVE-2008-5022)Chris Evans discovered that Thunderbird did not properly parse E4X documents,leading to quote characters in the namespace not being properly escaped.(CVE-2008-5024)Boris Zbarsky discovered that Thunderbird did not properly process comments inforwarded in-line messages. If a user had JavaScript enabled and opened amalicious email, an attacker may be able to obtain information about therecipient.





More...
 

Bookmarks

« RedHat: Important: tog-pegasus security update | USN-680-1: Samba vulnerability »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Threaded Mode Threaded Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -4. The time now is 06:34 PM.

The UNIX and Linux Forums - Learn UNIX and UNIX Commands RSS Feeds - Contact Us - The UNIX and Linux Forums - Learn UNIX and UNIX Commands - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited. Language Translations Powered by .
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios
The UNIX and Linux Forums Content Copyright ©1993-2009. All Rights Reserved.Ad Management by RedTyger

Content Relevant URLs by vBSEO 3.2.0