[SECURITY] Fedora Core 4 Update: thunderbird-1.0.6-1.1.fc4

Christopher Aillon caillon at redhat.com
Wed Jul 20 19:53:44 UTC 2005


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-606
2005-07-20
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : thunderbird
Version     : 1.0.6                      
Release     : 1.1.fc4                  
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

---------------------------------------------------------------------
Update Information:

Mozilla Thunderbird is a standalone mail and newsgroup client.

A bug was found in the way Thunderbird handled anonymous functions during
regular expression string replacement. It is possible for a malicious HTML
mail to capture a random block of client memory. The Common
Vulnerabilities and Exposures project has assigned this bug the name
CAN-2005-0989.

A bug was found in the way Thunderbird validated several XPInstall related
JavaScript objects. A malicious HTML mail could pass other objects to the
XPInstall objects, resulting in the JavaScript interpreter jumping to
arbitrary locations in memory. (CAN-2005-1159)

A bug was found in the way the Thunderbird privileged UI code handled DOM
nodes from the content window. An HTML message could install malicious
JavaScript code or steal data when a user performs commonplace actions such
as clicking a link or opening the context menu. (CAN-2005-1160)

A bug was found in the way Thunderbird executed JavaScript code. JavaScript
executed from HTML mail should run with a restricted access level,
preventing dangerous actions. It is possible that a malicious HTML mail
could execute JavaScript code with elevated privileges, allowing access to
protected data and functions. (CAN-2005-1532)

A bug was found in the way Thunderbird executed Javascript in XBL controls.
It is possible for a malicious HTML mail to leverage this vulnerability to
execute other JavaScript based attacks even when JavaScript is disabled.
(CAN-2005-2261)

A bug was found in the way Thunderbird handled certain Javascript
functions. It is possible for a malicious HTML mail to crash the client by
executing malformed Javascript code. (CAN-2005-2265)

A bug was found in the way Thunderbird handled child frames. It is possible
for a malicious framed HTML mail to steal sensitive information from its
parent frame. (CAN-2005-2266)

A bug was found in the way Thunderbird handled DOM node names. It is
possible for a malicious HTML mail to overwrite a DOM node name, allowing
certain privileged chrome actions to execute the malicious JavaScript.
(CAN-2005-2269)

A bug was found in the way Thunderbird cloned base objects. It is possible
for HTML content to navigate up the prototype chain to gain access to
privileged chrome objects. (CAN-2005-2270)

Users of Thunderbird are advised to upgrade to this updated package that
contains Thunderbird version 1.0.6 and is not vulnerable to these issues. 
---------------------------------------------------------------------
* Wed Jul 20 2005 Christopher Aillon <caillon at redhat.com> 1.0.6-1.1.fc4
- Update to 1.0.6

* Mon Jul 18 2005 Christopher Aillon <caillon at redhat.com> 1.0.6-0.1.fc4
- 1.0.6 Release Candidate


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

51f614a0a887ffb58ce6bbf4f4eb7431  SRPMS/thunderbird-1.0.6-1.1.fc4.src.rpm
fc206b1fd0dccb15da66b2fe3b272175  ppc/thunderbird-1.0.6-1.1.fc4.ppc.rpm
0b94083b2f2415f84069e30c20742ec1  ppc/debug/thunderbird-debuginfo-1.0.6-1.1.fc4.ppc.rpm
38da7902f6e1bcfc45ef688e04a770e8  x86_64/thunderbird-1.0.6-1.1.fc4.x86_64.rpm
1a6bbee24e0559176e19ba1218d91e02  x86_64/debug/thunderbird-debuginfo-1.0.6-1.1.fc4.x86_64.rpm
f858562b2d77180acb6d40022fe1c3cd  i386/thunderbird-1.0.6-1.1.fc4.i386.rpm
90cba454ded9c8d4e049262abdea64d2  i386/debug/thunderbird-debuginfo-1.0.6-1.1.fc4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------




More information about the announce mailing list