Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Thunderbird
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Thunderbird
ID: USN-668-1
Distribution: Ubuntu
Plattformen: Ubuntu 6.06, Ubuntu 7.10, Ubuntu 8.04 LTS, Ubuntu 8.10
Datum: Mi, 26. November 2008, 02:40
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024
Applikationen: Mozilla Thunderbird

Originalnachricht

 

--===============6561509714842908233==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
 boundary="i0/AhcQY5QxfSsSZ"
Content-Disposition: inline


--i0/AhcQY5QxfSsSZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-668-1          November 26, 2008
mozilla-thunderbird, thunderbird vulnerabilities
CVE-2008-5012, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017,
CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mozilla-thunderbird            
 1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1

Ubuntu 7.10:
  thunderbird                     2.0.0.18+nobinonly-0ubuntu0.7.10.1

Ubuntu 8.04 LTS:
  thunderbird                     2.0.0.18+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10:
  thunderbird                     2.0.0.18+nobinonly-0ubuntu0.8.10.1

After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.

Details follow:

Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin
check in Thunderbird could be bypassed. If a user were tricked into opening a
malicious website, an attacker could obtain private information from data
stored in the images, or discover information about software on the user's
computer. (CVE-2008-5012)

Jesse Ruderman discovered that Thunderbird did not properly guard locks on
non-native objects. If a user had JavaScript enabled and were tricked into
opening malicious web content, an attacker could cause a browser crash and
possibly execute arbitrary code with user privileges. (CVE-2008-5014)

Several problems were discovered in the browser, layout and JavaScript engines.
If a user had JavaScript enabled, these problems could allow an attacker to
crash Thunderbird and possibly execute arbitrary code with user privileges.
(CVE-2008-5016, CVE-2008-5017, CVE-2008-5018)

A flaw was discovered in Thunderbird's DOM constructing code. If a user
 were
tricked into opening a malicious website while having JavaScript enabled, an
attacker could cause the browser to crash and potentially execute arbitrary
code with user privileges. (CVE-2008-5021)

It was discovered that the same-origin check in Thunderbird could be bypassed.
If a user had JavaScript enabled and were tricked into opening malicious web
content, an attacker could execute JavaScript in the context of a different
website. (CVE-2008-5022)

Chris Evans discovered that Thunderbird did not properly parse E4X documents,
leading to quote characters in the namespace not being properly escaped.
(CVE-2008-5024)

Boris Zbarsky discovered that Thunderbird did not properly process comments in
forwarded in-line messages. If a user had JavaScript enabled and opened a
malicious email, an attacker may be able to obtain information about the
recipient.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1.diff.gz
      Size/MD5:   457747 5be26d3cef591840492433f185583342
    mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1.dsc
      Size/MD5:     1050 acdea9524f1032205f824a34c32fa32b
    mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614h.orig.tar.gz
      Size/MD5: 38282434 866e2b43ffe7104b1c89bda05e356682

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:  3593924 734eb2f52a14613367a90ae4c4b8026d
    mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:   194994 90981d85a8d481e4431703db75ca458f
    mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:    60232 86620a82daec53aa2d2e505c3edf0983
    mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_amd64.deb
      Size/MD5: 12119884 975100452004c7d100cafa8aed7ae944

  i386 architecture (x86 compatible Intel/AMD):

    mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_i386.deb
      Size/MD5:  3587646 7c927ab551b0d33e7f396ddf176dcd45
    mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_i386.deb
      Size/MD5:   188410 de95ae96f922ee542665993be9827688
    mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_i386.deb
      Size/MD5:    55744 2952cfffd570f441bf673b32712c3ca3
    mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_i386.deb
      Size/MD5: 10391486 02fe2861b698f90c0b566546db77a0f7

  powerpc architecture (Apple Macintosh G3/G4/G5):

    mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:  3592840 65503afbd7da3ff4ea329563931908bc
    mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   191710 68a5253aa46db2b1c93d1dc6e5880b78
    mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:    59396 83d304bcc37a8dc24d9a7108942405af
    mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5: 11674796 522acde9e08452dfe397177df7f5f896

  sparc architecture (Sun SPARC/UltraSPARC):

    mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:  3589436 55ca969d5c1c2f943589754e36f627d0
    mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:   189168 ac79670d7f3bb13d9f9374c9e17a9468
    mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:    57240 79c5fe16bd0c663adde9cb39161208d5
    mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1_sparc.deb
      Size/MD5: 10867254 6646c393a0ca6317949564f028ff2eef

Updated packages for Ubuntu 7.10:

  Source archives:

    thunderbird_2.0.0.18+nobinonly-0ubuntu0.7.10.1.diff.gz
      Size/MD5:   125726 f122c1aa395b0b0648a58e655c016edb
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.7.10.1.dsc
      Size/MD5:     1683 084e263ab828f9a0388165e220280e0e
    thunderbird_2.0.0.18+nobinonly.orig.tar.gz
      Size/MD5: 37875008 7f0f8a6bc1bafe30ac54aa544ba2bd01

  Architecture independent packages:

    mozilla-thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.7.10.1_all.deb
      Size/MD5:    60170 e13a6f2c009792ced96009e23c7697de
    mozilla-thunderbird_2.0.0.18+nobinonly-0ubuntu0.7.10.1_all.deb
      Size/MD5:    60158 ebfe1be8932394798c81eb459be3272f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.7.10.1_amd64.deb
      Size/MD5:  3778158 e85d5ee4752da39491093e0a20e9f388
    thunderbird-gnome-support_2.0.0.18+nobinonly-0ubuntu0.7.10.1_amd64.deb
      Size/MD5:    85340 083c31d50e54b78553364ba814b96241
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.7.10.1_amd64.deb
      Size/MD5: 12430446 c56dcd7c579dcff72c25f153c366c048

  i386 architecture (x86 compatible Intel/AMD):

    thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.7.10.1_i386.deb
      Size/MD5:  3766478 7935f84ecb8d0e56aa9ce9ce8b9eda6f
    thunderbird-gnome-support_2.0.0.18+nobinonly-0ubuntu0.7.10.1_i386.deb
      Size/MD5:    80678 808e4bb9ca5d57363ec07d6ddf1ebaf0
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.7.10.1_i386.deb
      Size/MD5: 10998112 50d2b60d8776cb2bdb07eb0a7207df81

  lpia architecture (Low Power Intel Architecture):

    thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.7.10.1_lpia.deb
      Size/MD5:  3763980 e19ec403dba2baf1e243a080ade7db8d
    thunderbird-gnome-support_2.0.0.18+nobinonly-0ubuntu0.7.10.1_lpia.deb
      Size/MD5:    80410 56d0d503fdd06c86467722fb5f10cc44
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.7.10.1_lpia.deb
      Size/MD5: 10839356 5d0b3df2b81fcccf64d4d8b613d2b364

  powerpc architecture (Apple Macintosh G3/G4/G5):

    thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5:  3781972 b33e6f468168b3fc9344d5d494c6810d
    thunderbird-gnome-support_2.0.0.18+nobinonly-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5:    83714 e7fa740895db98224490099b2bbb38b1
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5: 12273664 cd5782bcfdc8c5bbe6ecbbda4e912718

  sparc architecture (Sun SPARC/UltraSPARC):

    thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.7.10.1_sparc.deb
      Size/MD5:  3764092 a49545c0f7907ba760544f4b7a925dc1
    thunderbird-gnome-support_2.0.0.18+nobinonly-0ubuntu0.7.10.1_sparc.deb
      Size/MD5:    80100 9b8f94e80c64e52c72c588fda7807700
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.7.10.1_sparc.deb
      Size/MD5: 11267210 21ad9196a67145c40187914cc266e3a4

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.04.1.diff.gz
      Size/MD5:   129281 da22d925bea92f49027b3fd48a31d83d
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.04.1.dsc
      Size/MD5:     1681 790e1b1aac02660f0885710cfef219f2
    thunderbird_2.0.0.18+nobinonly.orig.tar.gz
      Size/MD5: 37875008 7f0f8a6bc1bafe30ac54aa544ba2bd01

  Architecture independent packages:

    mozilla-thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    60452 d135c0defb5ccbd92fb0d1858cefe2e3
    mozilla-thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    60444 799296d38875d3571d0b2f0bd178dcca

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:  3779130 d9171422a427701a97a9e6ac4b5fc46f
    thunderbird-gnome-support_2.0.0.18+nobinonly-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:    85340 afdea56f4073c4028136a63b6e68dd3b
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.04.1_amd64.deb
      Size/MD5: 12411688 02702c51c27743dfdee0825e8fe67a75

  i386 architecture (x86 compatible Intel/AMD):

    thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.8.04.1_i386.deb
      Size/MD5:  3766724 d75459604954adb12e3c334f36743cef
    thunderbird-gnome-support_2.0.0.18+nobinonly-0ubuntu0.8.04.1_i386.deb
      Size/MD5:    80746 1901789aeb4dfb7a7acee04783a6e01c
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.04.1_i386.deb
      Size/MD5: 10981948 9cf74eaa67fe16b16560cd84f29e9235

  lpia architecture (Low Power Intel Architecture):

    thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:  3764472 aaa8c89450712d7891c228bad111e444
    thunderbird-gnome-support_2.0.0.18+nobinonly-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:    80472 58e5d6a22149464d1582e79eae070493
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.04.1_lpia.deb
      Size/MD5: 10830106 6f30f4c7cbc65b28272a40bb6cb8b3e8

  powerpc architecture (Apple Macintosh G3/G4/G5):

    thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:  3782746 f74ff19d91f58a41d8db3aac9a00111a
    thunderbird-gnome-support_2.0.0.18+nobinonly-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:    83734 101b03d9c892543fe05cd0ef443b2eb9
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5: 12255198 8c184358831c40a9eb2bab9ee35a846b

  sparc architecture (Sun SPARC/UltraSPARC):

    thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:  3764824 46f91e75caaf854ab7ec9bf705499848
    thunderbird-gnome-support_2.0.0.18+nobinonly-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:    80196 fa09830f1e113ed94f95ba61bd3592dc
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.04.1_sparc.deb
      Size/MD5: 11256224 651a9b6319ccf302d934c92482f28bd5

Updated packages for Ubuntu 8.10:

  Source archives:

    thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.10.1.diff.gz
      Size/MD5:   129745 e30f2f080f6dcb2eaccb6c0a4eff805a
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.10.1.dsc
      Size/MD5:     1663 391709b683e1293623ebe172b7f593bf
    thunderbird_2.0.0.18+nobinonly.orig.tar.gz
      Size/MD5: 37875008 7f0f8a6bc1bafe30ac54aa544ba2bd01

  Architecture independent packages:

    mozilla-thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    60712 5cca6c8dd8b574f3d936286dbca73656
    mozilla-thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    60702 906970f27ce5f8ccecb5db25e474d5cd

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:  3736630 737cdd5464d5a714ff6c531bf2902e74
    thunderbird-gnome-support_2.0.0.18+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:    85462 99f70751eaaa0323516da9a523a78bf6
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5: 12431140 fcd9c500becd6832992ead0616663117

  i386 architecture (x86 compatible Intel/AMD):

    thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5:  3720182 d495d41fe16647f2fc26e102c4947267
    thunderbird-gnome-support_2.0.0.18+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5:    81038 b04aefe5ee83a3b677c2a6b0c21aaa68
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5: 11039066 8b81b6a53e7747a17d4d1c672bbc8ff5

  lpia architecture (Low Power Intel Architecture):

    thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:  3717682 c58eac9c7dbbc2a4033541b9553ea123
    thunderbird-gnome-support_2.0.0.18+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:    80742 77a7ccb93016d2193ea001f23fce744b
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5: 10859414 74ff27928474bc2ad399d113dfe1fe0c

  powerpc architecture (Apple Macintosh G3/G4/G5):

    thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:  3735310 06562d5a6c924dca5a7e1703128e358c
    thunderbird-gnome-support_2.0.0.18+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:    83906 608aed74906e5a6aa90e3b9bd11dc2ce
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5: 12210268 da7e451833a317478d41813cd12c1881

  sparc architecture (Sun SPARC/UltraSPARC):

    thunderbird-dev_2.0.0.18+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:  3723218 868153e81df604ccce5f13e95dc5c905
    thunderbird-gnome-support_2.0.0.18+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:    80778 2a20895e6545b8510ca6799009f826bd
    thunderbird_2.0.0.18+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5: 11186020 c6cab348d4f39f1bf05f521975908885



--i0/AhcQY5QxfSsSZ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkspp4ACgkQW0JvuRdL8BoaggCePLpiC7eOUskC0toz4tqH3bSx
knwAn3r00r0LhSCfa7mdCnEh7t3V2gpj
=dCla
-----END PGP SIGNATURE-----

--i0/AhcQY5QxfSsSZ--


--===============6561509714842908233==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============6561509714842908233==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung