Author: joeyh
Date: 2005-08-28 20:00:41 +0000 (Sun, 28 Aug 2005)
New Revision: 1706
Added:
data/DTSA/DTSA-9-1
data/DTSA/advs/9-mozilla-thunderbird.adv
Modified:
data/DTSA/list
Log:
and thunderbird
Added: data/DTSA/DTSA-9-1
==================================================================---
data/DTSA/DTSA-9-1 2005-08-28 19:59:20 UTC (rev 1705)
+++ data/DTSA/DTSA-9-1 2005-08-28 20:00:41 UTC (rev 1706)
@@ -0,0 +1,87 @@
+------------------------------------------------------------------------------
+Debian Testing Security Advisory DTSA-9-1 http://secure-testing.debian.net
+secure-testing-team@lists.alioth.debian.org Joey Hess
+August 28th, 2005
+------------------------------------------------------------------------------
+
+Package : mozilla-thunderbird
+Vulnerability : several vulnerabilities
+Problem-Scope : remote
+Debian-specific: No
+CVE ID : CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532
CAN-2005-2261 CAN-2005-2265 CAN-2005-2266 CAN-2005-2269 CAN-2005-2270
+
+Several problems have been discovered in Mozilla Thunderbird, the standalone
+mail client of the Mozilla suite. The Common Vulnerabilities and Exposures
+project identifies the following problems:
+
+CAN-2005-0989
+
+Remote attackers could read portions of heap memory into a Javascript string
+via the lambda replace method.
+
+CAN-2005-1159
+
+The Javascript interpreter could be tricked to continue execution at the
+wrong memory address, which may allow attackers to cause a denial of service
+(application crash) and possibly execute arbitrary code.
+
+CAN-2005-1160
+
+Remote attackers could override certain properties or methods of DOM nodes
+and gain privileges.
+
+CAN-2005-1532
+
+Remote attackers could override certain properties or methods due to missing
+proper limitation of Javascript eval and Script objects and gain privileges.
+
+CAN-2005-2261
+
+XML scripts ran even when Javascript was disabled.
+
+CAN-2005-2265
+
+Missing input sanitising of InstallVersion.compareTo() can cause the
+application to crash.
+
+CAN-2005-2266
+
+Remote attackers could steal sensitive information such as cookies and
+passwords from web sites by accessing data in alien frames.
+
+CAN-2005-2269
+
+Remote attackers could modify certain tag properties of DOM nodes that could
+lead to the execution of arbitrary script or code.
+
+CAN-2005-2270
+
+The Mozilla browser family does not properly clone base objects, which allows
+remote attackers to execute arbitrary code.
+
+For the testing distribution (etch) this is fixed in version
+1.0.2-3etch1
+
+For the unstable distribution (sid) this is fixed in version
+1.0.6-3
+
+This upgrade is recommended if you use mozilla-thunderbird.
+
+Upgrade Instructions
+--------------------
+
+To use the Debian testing security archive, add the following lines to
+your /etc/apt/sources.list:
+
+deb http://secure-testing.debian.net/debian-security-updates
etch-proposed-updates/security-updates main contrib non-free
+deb-src http://secure-testing.debian.net/debian-security-updates
etch-proposed-updates/security-updates main contrib non-free
+
+The archive signing key can be downloaded from
+http://secure-testing.debian.net/ziyi-2005-7.asc
+
+To install the update, run this command as root:
+
+apt-get update && apt-get install mozilla-thunderbird
+
+For further information about the Debian testing security team, please refer
+to http://secure-testing.debian.net/
Added: data/DTSA/advs/9-mozilla-thunderbird.adv
==================================================================---
data/DTSA/advs/9-mozilla-thunderbird.adv 2005-08-28 19:59:20 UTC (rev 1705)
+++ data/DTSA/advs/9-mozilla-thunderbird.adv 2005-08-28 20:00:41 UTC (rev 1706)
@@ -0,0 +1,59 @@
+dtsa: DTSA-9-1
+source: mozilla-thunderbird
+date: August 28th, 2005
+author: Joey Hess
+vuln-type: several vulnerabilities
+problem-scope: remote
+debian-specific: no
+cve: CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532 CAN-2005-2261
CAN-2005-2265 CAN-2005-2266 CAN-2005-2269 CAN-2005-2270
+testing-fix: 1.0.2-3etch1
+sid-fix: 1.0.6-3
+
+Several problems have been discovered in Mozilla Thunderbird, the standalone
+mail client of the Mozilla suite. The Common Vulnerabilities and Exposures
+project identifies the following problems:
+
+CAN-2005-0989
+
+ Remote attackers could read portions of heap memory into a Javascript string
+ via the lambda replace method.
+
+CAN-2005-1159
+
+ The Javascript interpreter could be tricked to continue execution at the
+ wrong memory address, which may allow attackers to cause a denial of service
+ (application crash) and possibly execute arbitrary code.
+
+CAN-2005-1160
+
+ Remote attackers could override certain properties or methods of DOM nodes
+ and gain privileges.
+
+CAN-2005-1532
+
+ Remote attackers could override certain properties or methods due to missing
+ proper limitation of Javascript eval and Script objects and gain privileges.
+
+CAN-2005-2261
+
+ XML scripts ran even when Javascript was disabled.
+
+CAN-2005-2265
+
+ Missing input sanitising of InstallVersion.compareTo() can cause the
+ application to crash.
+
+CAN-2005-2266
+
+ Remote attackers could steal sensitive information such as cookies and
+ passwords from web sites by accessing data in alien frames.
+
+CAN-2005-2269
+
+ Remote attackers could modify certain tag properties of DOM nodes that could
+ lead to the execution of arbitrary script or code.
+
+CAN-2005-2270
+
+ The Mozilla browser family does not properly clone base objects, which allows
+ remote attackers to execute arbitrary code.
Modified: data/DTSA/list
==================================================================---
data/DTSA/list 2005-08-28 19:59:20 UTC (rev 1705)
+++ data/DTSA/list 2005-08-28 20:00:41 UTC (rev 1706)
@@ -1,3 +1,6 @@
+[28 Aug 2005] DTSA-9-1 mozilla-thunderbird - several vulnerabilities
+ - mozilla-thunderbird 1.0.2-3etch1
+ NOTE: joeyh working on it
[28 Aug 2005] DTSA-8-1 mozilla-firefox - several vulnerabilities
- mozilla-firefox 1.0.4-2sarge2
NOTE: joeyh working on it
@@ -24,6 +27,3 @@
[26 Aug 2005] DTSA-1-1 kismet - remote code execution
{CAN-2005-2626 CAN-2005-2627}
- kismet 2005.08.R1-0.1etch1 (high)
-NOTE: joeyh investingating doing mozilla-* (probably just copying the DSAs
-NOTE: packages as testing is not updated vs stable at all for mozilla-*,
-NOTE: except for thunderbird)