Welcome to Gaia! ::

can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and cross-site request forgery attacks, and potentially to compromise a user's system.


--============== 83437131=Content-Type: multipart/alternative; boundary�1636988a0b590640046e1bea64

--001636988a0b590640046e1bea64
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-99 security@pardus.org.tr
------------------------------------------------------------------------

Date: 2009-07-07
Severity: 4
Type: Remote
------------------------------------------------------------------------

Summary
======
Some vulnerabilities have been reported in Mozilla Thunderbird, which

can be exploited by malicious people to bypass certain security
restrictions, conduct cross-site scripting and cross-site request
forgery attacks, and potentially to compromise a user's system.


Description
==========
1) Multiple errors in the browser engine can be exploited to corrupt
memory and potentially execute arbitrary code.

2) Multiple errors in the JavaScript engine can be exploited to corrupt

memory and potentially execute arbitrary code.

3) An error exists when the "jar:" scheme is used to wrap a URI, which
serves content with "Content-Disposition: attachment". This can be

exploited to e.g. conduct cross-site scripting attacks on sites that
allow users to upload arbitrary content, which is served as
"application/java-archive" or "application/x-jar", and that rely on the

HTTP header "Content-Disposition: attachment" to prevent potentially
untrusted content.

4) An error when loading a Adobe Flash file via the "view-source:"
scheme can be exploited to conduct cross-site request forgery attacks or

read and write Local Shared Objects on a user's system e.g. for tracking
purposes.

5) An error in the processing of XBL bindings can be exploited to
conduct script insertion attacks on sites that allow user to embed

third-party stylesheets.

6) Errors in "XMLHttpRequest" and "XPCNativeWrapper.toString" can be
exploited to bypass the same-origin policy and potentially execute code
with chrome privileges.

7) A race condition exists when accessing the private data of an
NPObject JS wrapper class object if navigating away from a web page
while loading a Java applet. This can be exploited via a specially

crafted web page to use already freed memory.

cool Multiple errors in the browser engine can be exploited to corrupt
memory and potentially execute arbitrary code.

9) An unspecified error can be exploited to trigger double frame

constructions, which could corrupt memory. This can potentially be
exploited to execute arbitrary code.

10) Multiple errors in the JavaScript engine can be exploited to corrupt
memory and potentially execute arbitrary code.

11) An error in the handling of certain invalid unicode characters, when
used as part of an IDN (internationalized domain name), can be exploited
to spoof the location bar.

12) An error in the handling of "file:" URIs can be exploited to access

any domain's cookies saved on the local machine.

13) An error in the handling of non-200 responses after a CONNECT
request to a proxy can be exploited to execute arbitrary HTML and script
code in the requested SSL-protected domain.

14) Successful exploitation requires a MitM (Man-in-the-Middle) attack
and that the victim uses a proxy.

15) The owner document of an element can become null after garbage
collection. This can be exploited via event handlers to execute

arbitrary Javascript code with chrome privileges.

16) An error when loading a "file:" resource via the location bar can
potentially be exploited to access the content of other local files,
which would normally be protected.

17) Successful exploitation requires that a victim downloads a specially
crafted document, and opens a local file before opening the malicious
document in the same browser window.

1 cool A security issue exists due to improper checks of content-loading

policies before loading external script files into XUL documents.

19) A vulnerability exists due to an error when a chrome privileged
object (e.g. the browser sidebar or the FeedWriter) interacts with web

content. This can be exploited to execute arbitrary code with an
object's chrome privileges.



Affected packages:

Pardus 2008:
thunderbird, all before 2.0.0.22-45-9



Resolution
=========
There are update(s) for thunderbird. You can update them via Package
Manager or with a single command from console:

pisi up thunderbird

References
=========
* http://bugs.pardus.org.tr/show_bug.cgi?id–27
* http://www.mozilla.org/security/announce/2009/mfsa2009-14.html

* http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
* http://www.mozilla.org/security/announce/2009/mfsa2009-17.html

* http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
* http://www.mozilla.org/security/announce/2009/mfsa2009-19.html

* http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
* http://www.mozilla.org/security/announce/2009/mfsa2009-27.html

* http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
* http://www.mozilla.org/security/announce/2009/mfsa2009-31.html

* http://www.mozilla.org/security/announce/2009/mfsa2009-32.html
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1302

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1303
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1304

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1305
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1306

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1307
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1308

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1309
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1392

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1832
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1833

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1836
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1838

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1840
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1841

* http://secunia.com/advisories/34780
* http://secunia.com/advisories/35440