| Revision Date: | 2005-07-21 | Version: | 502 |
| Title: | RHSA-2005:601: thunderbird security update (Important) |
| Description: | Mozilla Thunderbird is a standalone mail and newsgroup client.
A bug was found in the way Thunderbird handled anonymous functions during regular expression string replacement. It is possible for a malicious HTML mail to capture a random block of client memory. The Common Vulnerabilities and Exposures project has assigned this bug the name CAN-2005-0989.
A bug was found in the way Thunderbird validated several XPInstall related JavaScript objects. A malicious HTML mail could pass other objects to the XPInstall objects, resulting in the JavaScript interpreter jumping to arbitrary locations in memory. (CAN-2005-1159)
A bug was found in the way the Thunderbird privileged UI code handled DOM nodes from the content window. An HTML message could install malicious JavaScript code or steal data when a user performs commonplace actions such as clicking a link or opening the context menu. (CAN-2005-1160)
A bug was found in the way Thunderbird executed JavaScript code. JavaScript executed from HTML mail should run with a restricted access level, preventing dangerous actions. It is possible that a malicious HTML mail could execute JavaScript code with elevated privileges, allowing access to protected data and functions. (CAN-2005-1532)
A bug was found in the way Thunderbird executed Javascript in XBL controls. It is possible for a malicious HTML mail to leverage this vulnerability to execute other JavaScript based attacks even when JavaScript is disabled. (CAN-2005-2261)
A bug was found in the way Thunderbird handled certain Javascript functions. It is possible for a malicious HTML mail to crash the client by executing malformed Javascript code. (CAN-2005-2265)
A bug was found in the way Thunderbird handled child frames. It is possible for a malicious framed HTML mail to steal sensitive information from its parent frame. (CAN-2005-2266)
A bug was found in the way Thunderbird handled DOM node names. It is possible for a malicious HTML mail to overwrite a DOM node name, allowing certain privileged chrome actions to execute the malicious JavaScript. (CAN-2005-2269)
A bug was found in the way Thunderbird cloned base objects. It is possible for HTML content to navigate up the prototype chain to gain access to privileged chrome objects. (CAN-2005-2270)
Users of Thunderbird are advised to upgrade to this updated package that contains Thunderbird version 1.0.6 and is not vulnerable to these issues.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2005-0989
CVE-2005-1159
CVE-2005-1160
CVE-2005-1532
CVE-2005-2261
CVE-2005-2265
CVE-2005-2266
CVE-2005-2269
CVE-2005-2270
RHSA-2005:601-01
|
| Platform(s): | Red Hat Enterprise Linux 4
| Product(s): | |
| Definition Synopsis |
| Red Hat Enterprise Linux 4 is installed AND thunderbird is earlier than 0:1.0.6-1.4.1
AND thunderbird is signed with Red Hat master key
|