MDKSA-2005:174
- Package name
- mozilla-thunderbird
- Date
- 2005-10-06
- Advisory ID
- MDKSA-2005:174
- Affected versions
- 2006.0 i586, 10.2 i586, 10.2 x86_64, 2006.0 x86_64
Problem description
Updated Mozilla Thunderbird packages fix various vulnerabilities:
- The run-mozilla.sh script, with debugging enabled, would allow local users to create or overwrite arbitrary files via a symlink attack on temporary files (CAN-2005-2353).
- A bug in the way Thunderbird processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CAN-2005-2701).
- A bug in the way Thunderbird handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CAN-2005-2702).
- A bug in the way Thunderbird makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim's machine; however, the default behaviour of the browser is to disallow this (CAN-2005-2703).
- A bug in the way Thunderbird implemented its XBL interface could be abused by a malicious web page to create an XBL binding in such a way as to allow arbitrary JavaScript execution with chrome permissions (CAN-2005-2704).
- An integer overflow in Thunderbird's JavaScript engine could be manipulated in certain conditions to allow a malicious web page to execute arbitrary code (CAN-2005-2705).
- A bug in the way Thunderbird displays about: pages could be used to execute JavaScript with chrome privileges (CAN-2005-2706).
- A bug in the way Thunderbird opens new windows could be used by a malicious web page to construct a new window without any user interface elements (such as the address bar and status bar), which could be used to mislead the user (CAN-2005-2707).
- A bug in the way Thunderbird processed URLs on the command line could be used to execute arbitrary commands as the user running Thunderbird; this could be abused by clicking on a supplied link, such as from an instant messaging client (CAN-2005-2968).
- Tom Ferris reported that Thunderbird would crash when processing a domain name consisting solely of soft-hyphen characters, due to a heap overflow when IDN processing results in an empty string after removing non-wrapping characters such as soft-hyphens. This could be exploited to run or install malware on the user's computer (CAN-2005-2871).
The updated packages have been patched to correct these issues.
Updated packages
2006.0 i586
- af3330f345b3b92307550a57fb7efa80 2006.0/RPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.i586.rpm
- 9ad77bad0b6c6033e063ed21a8a2cb0b 2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.1.20060mdk.i586.rpm
- 141909e4e4676c0c8a5525a3e3eb921d 2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.1.20060mdk.i586.rpm
- b1db5880eb9ac8792a2f25e547343607 2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.src.rpm
10.2 i586
- f409c24fe8d4f732a99fff51f9223191 10.2/RPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.i586.rpm
- 18250e4ac4d580a595eaeb16fd3b0171 10.2/RPMS/mozilla-thunderbird-devel-1.0.2-5.1.102mdk.i586.rpm
- cbfb90b65746b4fbc0848ddbd01395bf 10.2/RPMS/mozilla-thunderbird-enigmail-1.0.2-5.1.102mdk.i586.rpm
- aa450bd7d1b82425eeef6506f90f5fb4 10.2/RPMS/mozilla-thunderbird-enigmime-1.0.2-5.1.102mdk.i586.rpm
- 5320178037176424f209415c3862d014 10.2/SRPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.src.rpm
10.2 x86_64
- 07fa1df593b92831b9f6d1a32b0b3362 x86_64/10.2/RPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.x86_64.rpm
- ca26795c32146dd1ace798189588029f x86_64/10.2/RPMS/mozilla-thunderbird-devel-1.0.2-5.1.102mdk.x86_64.rpm
- 7757608ffe4e89d285bc001bdc8851cb x86_64/10.2/RPMS/mozilla-thunderbird-enigmail-1.0.2-5.1.102mdk.x86_64.rpm
- 8c386f18a449d78d3917dca387624933 x86_64/10.2/RPMS/mozilla-thunderbird-enigmime-1.0.2-5.1.102mdk.x86_64.rpm
- 5320178037176424f209415c3862d014 x86_64/10.2/SRPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.src.rpm
2006.0 x86_64
- b7e7527e98969ff677e2caf013a84ab7 x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.x86_64.rpm
- 87ca5eace6c6823cda7efac54ffe5945 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.1.20060mdk.x86_64.rpm
- 8305e439803991791ca1aff020877274 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.1.20060mdk.x86_64.rpm
- b1db5880eb9ac8792a2f25e547343607 x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.src.rpm
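As a defender-side check, here is an added example (not part of the advisory or of Mandriva's tooling) that parses the "<md5> <path>" package manifest published above and verifies downloaded packages against it before installation. The sample manifest is copied from the 2006.0 i586 section; the download directory and its files are assumed, and the test files are constructed.

```python
import hashlib
import os
import re

# The advisory publishes each package as an "<md5> <path>" pair; the web rendering
# flattened several pairs onto one line, so parse by pattern rather than by line.
SAMPLE_MANIFEST = (
    "af3330f345b3b92307550a57fb7efa80 2006.0/RPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.i586.rpm "
    "9ad77bad0b6c6033e063ed21a8a2cb0b 2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.1.20060mdk.i586.rpm "
    "141909e4e4676c0c8a5525a3e3eb921d 2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.1.20060mdk.i586.rpm "
    "b1db5880eb9ac8792a2f25e547343607 2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.src.rpm"
)
PAIR_RE = re.compile(r"\b([0-9a-f]{32})\s+(\S+\.rpm)\b")


def parse_manifest(text):
    """Map each package basename to the MD5 the advisory publishes for it."""
    return {os.path.basename(path): digest for digest, path in PAIR_RE.findall(text)}


def md5_of_file(path, chunk=1 << 16):
    """Stream the file through MD5 (the digest this advisory uses)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_downloads(manifest, directory):
    """Classify every .rpm in `directory` (assumed download location) as ok,
    mismatched, or not listed in the advisory. Only the ok set is safe to install."""
    ok, mismatched, unknown = [], [], []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".rpm"):
            continue
        expected = manifest.get(name)
        if expected is None:
            unknown.append(name)
        elif md5_of_file(os.path.join(directory, name)) == expected:
            ok.append(name)
        else:
            mismatched.append(name)
    return ok, mismatched, unknown


if __name__ == "__main__":  # usage: verify_advisory.py <advisory.txt> <download-dir>
    import sys
    ok, bad, unknown = verify_downloads(parse_manifest(open(sys.argv[1]).read()), sys.argv[2])
    print("ok:", ok, "mismatched:", bad, "not in advisory:", unknown)
    sys.exit(1 if bad or unknown else 0)
```

A matching MD5 only confirms the download is the file Mandriva published; it does not replace checking the package's GPG signature with `rpm --checksig` before installing.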
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2701
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2702
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2703
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2704
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2705
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2706
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2707
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2968
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2871
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2353
- http://www.mozilla.org/security/announce/mfsa2005-59.html
- http://www.mozilla.org/security/announce/mfsa2005-58.html
- http://www.mozilla.org/security/announce/mfsa2005-57.html
