Author: joeyh Date: 2005-08-28 20:00:41 +0000 (Sun, 28 Aug 2005) New Revision: 1706 Added: data/DTSA/DTSA-9-1 data/DTSA/advs/9-mozilla-thunderbird.adv Modified: data/DTSA/list Log: and thunderbird Added: data/DTSA/DTSA-9-1 ==================================================================--- data/DTSA/DTSA-9-1 2005-08-28 19:59:20 UTC (rev 1705) +++ data/DTSA/DTSA-9-1 2005-08-28 20:00:41 UTC (rev 1706) @@ -0,0 +1,87 @@ +------------------------------------------------------------------------------ +Debian Testing Security Advisory DTSA-9-1 http://secure-testing.debian.net +secure-testing-team@lists.alioth.debian.org Joey Hess +August 28th, 2005 +------------------------------------------------------------------------------ + +Package : mozilla-thunderbird +Vulnerability : several vulnerabilities +Problem-Scope : remote +Debian-specific: No +CVE ID : CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532 CAN-2005-2261 CAN-2005-2265 CAN-2005-2266 CAN-2005-2269 CAN-2005-2270 + +Several problems have been discovered in Mozilla Thunderbird, the standalone +mail client of the Mozilla suite. The Common Vulnerabilities and Exposures +project identifies the following problems: + +CAN-2005-0989 + +Remote attackers could read portions of heap memory into a Javascript string +via the lambda replace method. + +CAN-2005-1159 + +The Javascript interpreter could be tricked to continue execution at the +wrong memory address, which may allow attackers to cause a denial of service +(application crash) and possibly execute arbitrary code. + +CAN-2005-1160 + +Remote attackers could override certain properties or methods of DOM nodes +and gain privileges. + +CAN-2005-1532 + +Remote attackers could override certain properties or methods due to missing +proper limitation of Javascript eval and Script objects and gain privileges. + +CAN-2005-2261 + +XML scripts ran even when Javascript was disabled. + +CAN-2005-2265 + +Missing input sanitising of InstallVersion.compareTo() can cause the +application to crash. + +CAN-2005-2266 + +Remote attackers could steal sensitive information such as cookies and +passwords from web sites by accessing data in alien frames. + +CAN-2005-2269 + +Remote attackers could modify certain tag properties of DOM nodes that could +lead to the execution of arbitrary script or code. + +CAN-2005-2270 + +The Mozilla browser family does not properly clone base objects, which allows +remote attackers to execute arbitrary code. + +For the testing distribution (etch) this is fixed in version +1.0.2-3etch1 + +For the unstable distribution (sid) this is fixed in version +1.0.6-3 + +This upgrade is recommended if you use mozilla-thunderbird. + +Upgrade Instructions +-------------------- + +To use the Debian testing security archive, add the following lines to +your /etc/apt/sources.list: + +deb http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free +deb-src http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free + +The archive signing key can be downloaded from +http://secure-testing.debian.net/ziyi-2005-7.asc + +To install the update, run this command as root: + +apt-get update && apt-get install mozilla-thunderbird + +For further information about the Debian testing security team, please refer +to http://secure-testing.debian.net/ Added: data/DTSA/advs/9-mozilla-thunderbird.adv ==================================================================--- data/DTSA/advs/9-mozilla-thunderbird.adv 2005-08-28 19:59:20 UTC (rev 1705) +++ data/DTSA/advs/9-mozilla-thunderbird.adv 2005-08-28 20:00:41 UTC (rev 1706) @@ -0,0 +1,59 @@ +dtsa: DTSA-9-1 +source: mozilla-thunderbird +date: August 28th, 2005 +author: Joey Hess +vuln-type: several vulnerabilities +problem-scope: remote +debian-specific: no +cve: CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532 CAN-2005-2261 CAN-2005-2265 CAN-2005-2266 CAN-2005-2269 CAN-2005-2270 +testing-fix: 1.0.2-3etch1 +sid-fix: 1.0.6-3 + +Several problems have been discovered in Mozilla Thunderbird, the standalone +mail client of the Mozilla suite. The Common Vulnerabilities and Exposures +project identifies the following problems: + +CAN-2005-0989 + + Remote attackers could read portions of heap memory into a Javascript string + via the lambda replace method. + +CAN-2005-1159 + + The Javascript interpreter could be tricked to continue execution at the + wrong memory address, which may allow attackers to cause a denial of service + (application crash) and possibly execute arbitrary code. + +CAN-2005-1160 + + Remote attackers could override certain properties or methods of DOM nodes + and gain privileges. + +CAN-2005-1532 + + Remote attackers could override certain properties or methods due to missing + proper limitation of Javascript eval and Script objects and gain privileges. + +CAN-2005-2261 + + XML scripts ran even when Javascript was disabled. + +CAN-2005-2265 + + Missing input sanitising of InstallVersion.compareTo() can cause the + application to crash. + +CAN-2005-2266 + + Remote attackers could steal sensitive information such as cookies and + passwords from web sites by accessing data in alien frames. + +CAN-2005-2269 + + Remote attackers could modify certain tag properties of DOM nodes that could + lead to the execution of arbitrary script or code. + +CAN-2005-2270 + + The Mozilla browser family does not properly clone base objects, which allows + remote attackers to execute arbitrary code. Modified: data/DTSA/list ==================================================================--- data/DTSA/list 2005-08-28 19:59:20 UTC (rev 1705) +++ data/DTSA/list 2005-08-28 20:00:41 UTC (rev 1706) @@ -1,3 +1,6 @@ +[28 Aug 2005] DTSA-9-1 mozilla-thunderbird - several vulnerabilities + - mozilla-thunderbird 1.0.2-3etch1 + NOTE: joeyh working on it [28 Aug 2005] DTSA-8-1 mozilla-firefox - several vulnerabilities - mozilla-firefox 1.0.4-2sarge2 NOTE: joeyh working on it @@ -24,6 +27,3 @@ [26 Aug 2005] DTSA-1-1 kismet - remote code execution {CAN-2005-2626 CAN-2005-2627} - kismet 2005.08.R1-0.1etch1 (high) -NOTE: joeyh investingating doing mozilla-* (probably just copying the DSAs -NOTE: packages as testing is not updated vs stable at all for mozilla-*, -NOTE: except for thunderbird)