LinuxSecurity.com 		Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: May 20th, 2013
Linux Advisory Watch: May 17th, 2013
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Pardus: 2010-89: Thunderbird: Multiple Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Multiple vulnerabilities have been fixed in Thunderbird. 
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-89            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-06-30
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
======
Multiple vulnerabilities have been fixed in Thunderbird.


Description
==========
CVE-2010-1121:

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the  scopes
of DOM nodes that are moved from one document to another, which  allows
remote attackers to conduct use-after-free attacks and execute arbitrary
code via unspecified vectors involving improper interaction with garbage
collection, as demonstrated by Nils during  a  Pwn2Own  competition  at
CanSecWest 2010.



CVE-2010-1196:

Integer overflow in the nsGenericDOMDataNode::SetTextInternal  function
in  Mozilla Firefox  3.5.x  before  3.5.10  and  3.6.x  before  3.6.4,
Thunderbird before 3.0.5, and  SeaMonkey  before  2.0.5  allows  remote
attackers to execute arbitrary code via a DOM node  with  a  long  text
value that triggers a heap-based buffer overflow.



CVE-2010-1199:

Integer overflow in the XSLT node  sorting  implementation  in  Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird  before
3.0.5, and SeaMonkey before 2.0.5 allows remote  attackers  to  execute
arbitrary code via a large text value for a node.



CVE-2010-1200:

Multiple unspecified vulnerabilities in the browser engine  in  Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird  before
3.0.5, and SeaMonkey before 2.0.5 allow remote  attackers  to  cause  a
denial of service (memory corruption and application crash) or possibly
execute arbitrary code via unknown vectors.



CVE-2010-1201:

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x
before 3.5.10, Thunderbird before 3.0.5,  and  SeaMonkey  before  2.0.5
allows remote attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code  via  unknown
vectors.



CVE-2010-1202:

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird  before
3.0.5, and SeaMonkey before 2.0.5 allow remote  attackers  to  cause  a
denial of service (memory corruption and application crash) or possibly
execute arbitrary code via unknown vectors.



CVE-2010-1203:

The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote
attackers  to cause  a  denial  of  service  (memory  corruption   and
application crash) or possibly execute arbitrary code via vectors  that
trigger an assertion failure in jstracer.cpp.



Affected packages:

  Pardus 2009:
    thunderbird, all before 3.0.5-53-10


Resolution
=========
There are update(s) for thunderbird. You can update  them  via  Package
Manager or with a single command from console:

    pisi up thunderbird

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id603
  * http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html

------------------------------------------------------------------------
 
< Prev   Next >
    
Partner

 
Latest Features
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Using the sec-wall Security Proxy
Yesterday's Edition
Large Attacks Hide More Subtle Threats In DDoS Data
Pressure mounts for building in security during application development
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2013 Guardian Digital, Inc. All rights reserved.