LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 26th, 2014
Linux Security Week: September 22nd, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Pardus: Thunderbird: Multiple Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and cross-site request forgery attacks, and potentially to compromise a user's system.

--==============	83437131=Content-Type: multipart/alternative; boundary1636988a0b590640046e1bea64

--001636988a0b590640046e1bea64
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-99            security@pardus.org.tr
------------------------------------------------------------------------

      Date: 2009-07-07
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
======
Some vulnerabilities have been reported in Mozilla  Thunderbird,  which

can  be exploited  by  malicious  people  to  bypass  certain  security
restrictions,  conduct cross-site  scripting  and  cross-site  request
forgery attacks, and potentially to compromise a user's system.


Description
==========
1) Multiple errors in the browser engine can be  exploited  to  corrupt
memory and potentially execute arbitrary code.

2) Multiple errors in the JavaScript engine can be exploited to corrupt

memory and potentially execute arbitrary code.

3) An error exists when the "jar:" scheme is used to wrap a URI,  which
serves content with  "Content-Disposition:  attachment".  This  can  be

exploited to e.g. conduct cross-site scripting attacks  on  sites  that
allow  users to  upload  arbitrary  content,  which   is   served   as
"application/java-archive" or "application/x-jar", and that rely on the

HTTP header "Content-Disposition: attachment"  to  prevent  potentially
untrusted content.

4) An error when loading a Adobe  Flash  file  via  the  "view-source:"
scheme can be exploited to conduct cross-site request forgery attacks or

read and write Local Shared Objects on a user's system e.g. for tracking
purposes.

5) An error in the processing of  XBL  bindings  can  be  exploited  to
conduct script insertion attacks on sites  that  allow  user  to  embed

third-party stylesheets.

6) Errors in "XMLHttpRequest" and  "XPCNativeWrapper.toString"  can  be
exploited to bypass the same-origin policy and potentially execute code
with chrome privileges.

7) A race condition exists  when  accessing  the  private  data  of  an
NPObject JS wrapper class object if navigating away  from  a  web  page
while loading a Java applet. This can  be  exploited  via  a  specially

crafted web page to use already freed memory.

8) Multiple errors in the browser engine can be  exploited  to  corrupt
memory and potentially execute arbitrary code.

9) An unspecified error  can  be  exploited  to  trigger  double  frame

constructions, which could corrupt  memory.  This  can  potentially  be
exploited to execute arbitrary code.

10) Multiple errors in the JavaScript engine can be exploited to corrupt
memory and potentially execute arbitrary code.

11) An error in the handling of certain invalid unicode characters, when
used as part of an IDN (internationalized domain name), can be exploited
to spoof the location bar.

12) An error in the handling of "file:" URIs can be exploited to access

any domain's cookies saved on the local machine.

13) An error in the handling  of  non-200  responses  after  a  CONNECT
request to a proxy can be exploited to execute arbitrary HTML and script
code in the requested SSL-protected domain.

14) Successful exploitation requires a MitM (Man-in-the-Middle)  attack
and that the victim uses a proxy.

15) The owner document of an element  can  become  null  after  garbage
collection.  This can  be  exploited  via  event  handlers  to  execute

arbitrary Javascript code with chrome privileges.

16) An error when loading a "file:" resource via the location  bar  can
potentially be exploited to access the content of  other  local  files,
which would normally be protected.

17) Successful exploitation requires that a victim downloads a specially
crafted document, and opens a local file before opening  the  malicious
document in the same browser window.

18) A security issue exists due to improper checks  of  content-loading

policies before loading external script files into XUL documents.

19) A vulnerability exists due to an error  when  a  chrome  privileged
object (e.g. the browser sidebar or the FeedWriter) interacts with  web

content. This can be  exploited  to  execute  arbitrary  code  with  an
object's chrome privileges.



Affected packages:

  Pardus 2008:
    thunderbird, all before 2.0.0.22-45-9



Resolution
=========
There are update(s) for thunderbird. You can update  them  via  Package
Manager or with a single command from console:

    pisi up thunderbird

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?idľ27
  * http://www.mozilla.org/security/announce/2009/mfsa2009-14.html

  * http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
  * http://www.mozilla.org/security/announce/2009/mfsa2009-17.html

  * http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
  * http://www.mozilla.org/security/announce/2009/mfsa2009-19.html

  * http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
  * http://www.mozilla.org/security/announce/2009/mfsa2009-27.html

  * http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
  * http://www.mozilla.org/security/announce/2009/mfsa2009-31.html

  * http://www.mozilla.org/security/announce/2009/mfsa2009-32.html
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1302

  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1303
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1304

  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1305
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1306

  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1307
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1308

  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1309
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1392

  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1832
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1833

  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1836
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1838

  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1840
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1841

  * http://secunia.com/advisories/34780
  * http://secunia.com/advisories/35440
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Honeypot Snares Two Bots Exploiting Bash Vulnerability
CloudFlare Rolls Out Free SSL
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.