TITLE:
Mozilla Thunderbird Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA22770
VERIFY ADVISORY:
http://secunia.com/advisories/22770/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Cross Site Scripting, DoS, System access
WHERE:
From remote
SOFTWARE:
Mozilla Thunderbird 1.5.x
http://secunia.com/product/4652/
DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Thunderbird, which
can be exploited by malicious people to bypass certain security
restrictions, conduct cross-site scripting attacks, and potentially
compromise a vulnerable system.
1) The bundled Network Security Services (NSS) library contains an
incomplete fix for the RSA signature verification vulnerability
reported in MFSA 2006-60.
For more information:
SA21903
2) An error exists within the handling of Script objects. This can
potentially be exploited to execute arbitrary JavaScript bytecode by
modifying already running Script objects.
Successful exploitation requires that JavaScript is enabled.
3) Some unspecified errors in the layout engine and memory corruption
errors in the JavaScript engine can be exploited to crash the
application and may allow the execution of arbitrary code.
Successful exploitation of some of these vulnerabilities requires
that JavaScript is enabled.
4) An unspecified error within XML.prototype.hasOwnProperty can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Mozilla Thunderbird 1.5.0.8.
ORIGINAL ADVISORY:
MFSA 2006-65:
http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
MFSA 2006-66:
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
MFSA 2006-67:
http://www.mozilla.org/security/announce/2006/mfsa2006-67.html