diff options
Diffstat (limited to 'xml/htdocs/security/en/glsa/glsa-200608-04.xml')
| -rw-r--r-- | xml/htdocs/security/en/glsa/glsa-200608-04.xml | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/xml/htdocs/security/en/glsa/glsa-200608-04.xml b/xml/htdocs/security/en/glsa/glsa-200608-04.xml new file mode 100644 index 00000000..b0100f72 --- /dev/null +++ b/xml/htdocs/security/en/glsa/glsa-200608-04.xml @@ -0,0 +1,128 @@ +<?xml version="1.0" encoding="utf-8"?> +<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?> +<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> + +<glsa id="200608-04"> + <title>Mozilla Thunderbird: Multiple vulnerabilities</title> + <synopsis> + The Mozilla Foundation has reported numerous security vulnerabilities + related to Mozilla Thunderbird. + </synopsis> + <product type="ebuild">Thunderbird</product> + <announced>August 03, 2006</announced> + <revised>August 03, 2006: 01</revised> + <bug>141842</bug> + <access>remote</access> + <affected> + <package name="mail-client/mozilla-thunderbird" auto="yes" arch="*"> + <unaffected range="ge">1.5.0.5</unaffected> + <vulnerable range="lt">1.5.0.5</vulnerable> + </package> + <package name="mail-client/mozilla-thunderbird-bin" auto="yes" arch="*"> + <unaffected range="ge">1.5.0.5</unaffected> + <vulnerable range="lt">1.5.0.5</vulnerable> + </package> + </affected> + <background> + <p> + The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail + component. The goal is to produce a cross-platform stand-alone mail + application using XUL (XML User Interface Language). + </p> + </background> + <description> + <p> + The following vulnerabilities have been reported: + </p> + <ul> + <li>Benjamin Smedberg discovered that chrome URLss could be made to + reference remote files.</li> + <li>Developers in the Mozilla community + looked for and fixed several crash bugs to improve the stability of + Mozilla clients.</li> + <li>"shutdown" reports that cross-site scripting + (XSS) attacks could be performed using the construct + XPCNativeWrapper(window).Function(...), which created a function that + appeared to belong to the window in question even after it had been + navigated to the target site.</li> + <li>"shutdown" reports that scripts + granting the UniversalBrowserRead privilege can leverage that into the + equivalent of the far more powerful UniversalXPConnect since they are + allowed to "read" into a privileged context.</li> + <li>"moz_bug_r_a4" + discovered that Named JavaScript functions have a parent object created + using the standard Object() constructor (ECMA-specified behavior) and + that this constructor can be redefined by script (also ECMA-specified + behavior).</li> + <li>Igor Bukanov and shutdown found additional places + where an untimely garbage collection could delete a temporary object + that was in active use.</li> + <li>Georgi Guninski found potential + integer overflow issues with long strings in the toSource() methods of + the Object, Array and String objects as well as string function + arguments.</li> + <li>H. D. Moore reported a testcase that was able to + trigger a race condition where JavaScript garbage collection deleted a + temporary variable still being used in the creation of a new Function + object.</li> + <li>A malicious page can hijack native DOM methods on a + document object in another domain, which will run the attacker's script + when called by the victim page.</li> + <li>Secunia Research has + discovered a vulnerability which is caused due to an memory corruption + error within the handling of simultaneously happening XPCOM events. + This leads to use of a deleted timer object.</li> + </ul> + </description> + <impact type="normal"> + <p> + A user can be enticed to open specially crafted URLs, visit webpages + containing malicious JavaScript or execute a specially crafted script. + These events could lead to the execution of arbitrary code, or the + installation of malware on the user's computer. + </p> + </impact> + <workaround> + <p> + There is no known workaround at this time. + </p> + </workaround> + <resolution> + <p> + All Mozilla Thunderbird users should upgrade to the latest version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.5"</code> + <p> + All Mozilla Thunderbird binary users should upgrade to the latest + version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.5"</code> + </resolution> + <references> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113">CVE-2006-3113</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802">CVE-2006-3802</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803">CVE-2006-3803</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3804">CVE-2006-3804</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805">CVE-2006-3805</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806">CVE-2006-3806</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807">CVE-2006-3807</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809">CVE-2006-3809</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810">CVE-2006-3810</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811">CVE-2006-3811</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812">CVE-2006-3812</uri> + </references> + <metadata tag="requester" timestamp="Fri, 28 Jul 2006 14:37:07 +0000"> + DerCorny + </metadata> + <metadata tag="submitter" timestamp="Fri, 28 Jul 2006 18:08:55 +0000"> + dizzutch + </metadata> + <metadata tag="bugReady" timestamp="Thu, 03 Aug 2006 16:54:43 +0000"> + DerCorny + </metadata> +</glsa> |