Author: jmm-guest Date: 2005-09-25 01:31:47 +0000 (Sun, 25 Sep 2005) New Revision: 2174 Modified: data/DTSA/advs/18-thunderbird.adv Log: update the rest of the CVEs Modified: data/DTSA/advs/18-thunderbird.adv ==================================================================--- data/DTSA/advs/18-thunderbird.adv 2005-09-25 01:28:53 UTC (rev 2173) +++ data/DTSA/advs/18-thunderbird.adv 2005-09-25 01:31:47 UTC (rev 2174) @@ -4,7 +4,7 @@ vuln-type: multiple problem-scope: remote/local debian-specifc: yes/no -cve: CAN-2005-0989, CAN-2005-1159 +cve: CAN-2005-2968, CAN-2005-2266, CAN-2005-2265, CAN-2005-2261, CAN-2005-1532, CAN-2005-1160, CAN-2005-1159, CAN-2005-0989 vendor-advisory: testing-fix: xxx sid-fix: xxx 
@@ -12,12 +12,38 @@ xxx multiline description here +CAN-2005-2968 + Thunderbird incorrectly escapes commands in input, fed to it through + the --compose option, which could lead to execution of arbitrary + shell commands. + +CAN-2005-2266 + Child frames may access parental frames, even if these are in + different access domains and may lead to information leakage of + cookies or pass words. + +CAN-2005-2265 + Incorrect type checks in InstallVersion.compareTo may lead to a + denial-of-service attack or possibly execution of arbitrary code. + +CAN-2005-2261 + XBL scripts are even run, if Javascript has been disabled. + +CAN-2005-1532 + Javascript is inproperly limits its privileges to the calling + context, which could lead to "non-DOM privilege override". + +CAN-2005-1160 + Overriding properties/methods of DOM nodes could lead to execution + of code with extended "chrome" privileges. + +CAN-2005-1159 + Native function implementations are not verified, causing Javascript + execution at improper memory addresses allowing denial of service and + potentially arbitrary code execution + CAN-2005-0989 The find_replen function in the Javascript engine allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method. -CAN-2005-1159 - Native function implementations are not verified, causing Javascript - execution at improper memory addresses allowing denial of service and - potentially arbitrary code execution
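Review bot: In the first hunk (@@ -4,7 +4,7 @@), the header fields around the expanded cve: line are still template values: "problem-scope: remote/local", "debian-specifc: yes/no", "testing-fix: xxx" and "sid-fix: xxx", with "vendor-advisory:" left empty. Now that the CVE list is complete, pick one value for each of these fields and fill in the fixed versions before the advisory is processed; otherwise the header carries eight CVE ids but no fix information. Also check whether the key spelling "debian-specifc" is what the advisory tooling expects or a typo for "debian-specific".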
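Review bot: In the second hunk (@@ -12,12 +12,38 @@), the placeholder line "xxx multiline description here" is kept as context directly above the new per-CVE entries, so it will ship as part of the description; replace it with a short summary or drop it. Several of the added entries also need a wording pass. The CAN-2005-1532 entry, "Javascript is inproperly limits its privileges to the calling context", is ungrammatical and does not say clearly whether privileges are or are not limited. "pass words" in the CAN-2005-2266 entry should be "passwords". The CAN-2005-2261 entry would read better as "XBL scripts are run even if Javascript has been disabled." The moved CAN-2005-1159 entry is missing its final period. The entries now follow the same descending order as the cve: header line, which is good to keep.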