exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 701-2

Ubuntu Security Notice 701-2
Posted Jan 7, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-701-2 - Several flaws were discovered in the Thunderbird browser engine. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. Chris Evans discovered that Thunderbird did not properly protect a user's data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Several flaws were discovered in the Javascript engine.

tags | advisory, javascript
systems | linux, ubuntu
advisories | CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512
SHA-256 | b6cca8b4a0ada9843a17cd60ca12f09f4ce7f003175d38b562b60e18b3b1077d

Ubuntu Security Notice 701-2

Change Mirror Download
===========================================================
Ubuntu Security Notice USN-701-2 January 06, 2009
mozilla-thunderbird vulnerabilities
CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507,
CVE-2008-5508, CVE-2008-5511, CVE-2008-5512
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
mozilla-thunderbird 1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1

After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.

Details follow:

Several flaws were discovered in the browser engine. If a user had Javascript
enabled, these problems could allow an attacker to crash Thunderbird and
possibly execute arbitrary code with user privileges. (CVE-2008-5500)

Boris Zbarsky discovered that the same-origin check in Thunderbird could be
bypassed by utilizing XBL-bindings. If a user had Javascript enabled, an
attacker could exploit this to read data from other domains. (CVE-2008-5503)

Marius Schilder discovered that Thunderbird did not properly handle redirects
to an outside domain when an XMLHttpRequest was made to a same-origin resource.
When Javascript is enabled, it's possible that sensitive information could be
revealed in the XMLHttpRequest response. (CVE-2008-5506)

Chris Evans discovered that Thunderbird did not properly protect a user's data
when accessing a same-domain Javascript URL that is redirected to an unparsable
Javascript off-site resource. If a user were tricked into opening a malicious
website and had Javascript enabled, an attacker may be able to steal a limited
amount of private data. (CVE-2008-5507)

Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered
Thunderbird did not properly parse URLs when processing certain control
characters. (CVE-2008-5508)

Several flaws were discovered in the Javascript engine. If a user were tricked
into opening a malicious website and had Javascript enabled, an attacker could
exploit this to execute arbitrary Javascript code within the context of another
website or with chrome privileges. (CVE-2008-5511, CVE-2008-5512)


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1.diff.gz
Size/MD5: 457871 6708c462f15f2f2a6baff4e29c89f30a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1.dsc
Size/MD5: 1050 afa2249f6dc30aab41be123a9dc4ee37
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614i.orig.tar.gz
Size/MD5: 38496066 4cfc246095c4d0aed823957286b3d78e

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 3594116 be08ab02c9d79056d6633df8204ac697
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 195036 3388af5706c609fd857af0b4c83baaaf
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 60284 e48244b6f33777de63390a186f00a587
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 12121434 1874cff31d6f97f46d44b7912d8a209e

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_i386.deb
Size/MD5: 3587984 87ca4cd810a3aef5f0031f87fe2b4093
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_i386.deb
Size/MD5: 188476 6067997901bf2298f86f154ed75605de
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_i386.deb
Size/MD5: 55808 9223b79d4b57a4288723fb9247f09016
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_i386.deb
Size/MD5: 10391474 2dae030db3d78d5eeea2d2b262017083

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 3593172 2ca154973ea6df8fb00cac0f50e791a8
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 191762 81d133d1bfeb70d377692fd49d5ea9c1
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 59440 bbc9361554b79c69d08ac62b79508199
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 11676430 300ce0fabdf9530f0a4a748755deb9be

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 3589802 4851d549ab3f7b89eb130435941b145a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 189224 6f81dcb50c903107106edf511564f82b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 57298 06ba7f5f613f0d28457ac9c89366e4a5
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 10869132 496a8efbcdbdf4e709c58aa4101d2d62


Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close