Security: Multiple problems in Thunderbird (Fedora Core 3)
Name: Multiple problems in Thunderbird (Fedora Core 3)
ID: FEDORA-2005-604
Distribution: Fedora
Platforms: Fedora Core 3
Date: Wed, 20 July 2005, 13:00
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2270
Applications: Mozilla Thunderbird

Original message:
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-604
2005-07-20
---------------------------------------------------------------------
Product     : Fedora Core 3
Name        : thunderbird
Version     : 1.0.6
Release     : 1.1.fc3
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
---------------------------------------------------------------------
Update Information:
Mozilla Thunderbird is a standalone mail and newsgroup client.
A bug was found in the way Thunderbird handled anonymous functions during regular expression string replacement. It is possible for a malicious HTML mail to capture a random block of client memory. The Common Vulnerabilities and Exposures project has assigned this bug the name CAN-2005-0989.
A bug was found in the way Thunderbird validated several XPInstall related JavaScript objects. A malicious HTML mail could pass other objects to the XPInstall objects, resulting in the JavaScript interpreter jumping to arbitrary locations in memory. (CAN-2005-1159)
A bug was found in the way the Thunderbird privileged UI code handled DOM nodes from the content window. An HTML message could install malicious JavaScript code or steal data when a user performs commonplace actions such as clicking a link or opening the context menu. (CAN-2005-1160)
A bug was found in the way Thunderbird executed JavaScript code. JavaScript executed from HTML mail should run with a restricted access level, preventing dangerous actions. It is possible that a malicious HTML mail could execute JavaScript code with elevated privileges, allowing access to protected data and functions. (CAN-2005-1532)
A bug was found in the way Thunderbird executed JavaScript in XBL controls. It is possible for a malicious HTML mail to leverage this vulnerability to execute other JavaScript based attacks even when JavaScript is disabled. (CAN-2005-2261)
A bug was found in the way Thunderbird handled certain JavaScript functions. It is possible for a malicious HTML mail to crash the client by executing malformed JavaScript code. (CAN-2005-2265)
A bug was found in the way Thunderbird handled child frames. It is possible for a malicious framed HTML mail to steal sensitive information from its parent frame. (CAN-2005-2266)
A bug was found in the way Thunderbird handled DOM node names. It is possible for a malicious HTML mail to overwrite a DOM node name, allowing certain privileged chrome actions to execute the malicious JavaScript. (CAN-2005-2269)
A bug was found in the way Thunderbird cloned base objects. It is possible for HTML content to navigate up the prototype chain to gain access to privileged chrome objects. (CAN-2005-2270)
Users of Thunderbird are advised to upgrade to this updated package that contains Thunderbird version 1.0.6 and is not vulnerable to these issues.
---------------------------------------------------------------------
* Wed Jul 20 2005 Christopher Aillon <caillon@redhat.com> 1.0.6-1.1.fc3
- Update to 1.0.6
* Mon Jul 18 2005 Christopher Aillon <caillon@redhat.com> 1.0.6-0.1.fc3
- 1.0.6 Release Candidate
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
e060dd6ce427541531cc40c28a678643  SRPMS/thunderbird-1.0.6-1.1.fc3.src.rpm
617b9df6931ff067e896d29399849df0  x86_64/thunderbird-1.0.6-1.1.fc3.x86_64.rpm
8bcb33b02ad164e499e4109dc6909caa  x86_64/debug/thunderbird-debuginfo-1.0.6-1.1.fc3.x86_64.rpm
2781375f4ff5c6280692d573787f5064  i386/thunderbird-1.0.6-1.1.fc3.i386.rpm
774d64ba857b9c430c3ae87471bc68f6  i386/debug/thunderbird-debuginfo-1.0.6-1.1.fc3.i386.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list