Bug 145604 - CAN-2004-1316 multiple thunderbird issues (CAN-2005-0142 CAN-2005-0146 CAN-2005-0149)
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: thunderbird
Version: 3
Hardware: All Linux
Priority: medium
Severity: high
Assigned To: Christopher Aillon
Whiteboard: impact=important,public=20050120
Keywords: Security
Reported: 2005-01-19 20:36 EST by Josh Bressers
Modified: 2007-11-30 17:10 EST (History)
Doc Type: Bug Fix
Last Closed: 2005-04-28 16:26:59 EDT

Description Josh Bressers 2005-01-19 20:36:55 EST
===================================
Mozilla Security Advisory MSA05-002
===================================

Title:      Opened attachments are temporarily saved world-readable
Severity:   Moderate (on a multiuser computer)
Reporter:   danielk

Fixed in:   Firefox 1.0
            Thunderbird 0.9
            Mozilla Suite 1.7.5

Vulnerable: Firefox 0.9
            Thunderbird 0.6
            Mozilla 1.7


Description
-----------
Mozilla software released after March 2004 saves some temporary files with
world-readable permissions. In the browser this is primarily
content fed to helper applications (for example, PDF files), and in
the mail clients it is attachments.


Workaround
----------
Do not open sensitive mail attachments on a shared multiuser machine.
Upgrade to fixed version.


References
----------
https://bugzilla.mozilla.org/show_bug.cgi?id=251297
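
The permission problem MSA05-002 describes, shown beside a hardened form and a check for exposed files. This is an added example, not code from Mozilla or from this bug report; the function names and the sample file name are hypothetical, and the sample data is constructed.

```python
import os
import stat
import tempfile

def save_attachment_insecure(directory, name, data):
    """Behaviour the advisory describes: temp copy readable by every local user."""
    path = os.path.join(directory, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    try:
        os.fchmod(fd, 0o644)  # force the mode regardless of the caller's umask
        os.write(fd, data)
    finally:
        os.close(fd)
    return path

def save_attachment_private(directory, suffix, data):
    """Hardened form: mkstemp creates the file 0600 with an unpredictable name."""
    fd, path = tempfile.mkstemp(suffix=suffix, dir=directory)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)
    return path

def find_exposed_files(directory, uid=None):
    """Return regular files owned by uid under directory that are world-readable."""
    uid = os.getuid() if uid is None else uid
    exposed = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: do not follow symlinks planted by others
            if stat.S_ISREG(st.st_mode) and st.st_uid == uid and st.st_mode & stat.S_IROTH:
                exposed.append(path)
    return sorted(exposed)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        os.chmod(tmp, 0o755)  # stand-in for a shared, traversable temp directory
        bad = save_attachment_insecure(tmp, "statement.pdf", b"constructed sample")
        good = save_attachment_private(tmp, ".pdf", b"constructed sample")
        exposed = [os.path.basename(p) for p in find_exposed_files(tmp)]
        return os.path.basename(bad), stat.S_IMODE(os.stat(good).st_mode), exposed

if __name__ == "__main__":
    print(demo())
```

Running `find_exposed_files` over the real temporary directory on a multiuser machine lists any of the current user's files that other local accounts could read.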

Comment 1 Josh Bressers 2005-01-19 21:05:57 EST
===================================
Mozilla Security Advisory MSA05-006
===================================

Title:      Heap overrun handling malicious news: URL
Severity:   High
Reporter:   Maurycy Prodeus (iSEC Security Research)

Fixed in:   Thunderbird 0.9
            Mozilla Suite 1.7.5


Description
-----------
Maurycy Prodeus of iSEC Security Research reports a heap overrun in processing
certain news: URLs. Thunderbird and the Mozilla Suite are affected; Firefox
does not support the news: scheme.

Workaround 
----------
Upgrade to fixed version. 


References
----------
http://isec.pl/vulnerabilities/isec-0020-mozilla.txt 
https://bugzilla.mozilla.org/show_bug.cgi?id=264388

Comment 2 Josh Bressers 2005-01-19 21:08:26 EST
The issue described in comment #1 is CAN-2004-1316

Comment 3 Josh Bressers 2005-01-19 21:15:00 EST
===================================
Mozilla Security Advisory MSA05-008
===================================

Title:      Synthetic middle-click event can steal clipboard contents
Severity:   Moderate
Reporter:   Jesse Ruderman

Fixed in:   Firebird 1.0
            Mozilla Suite 1.7.5


Description
-----------
Script-generated middle-click events can steal clipboard contents
on systems where that action is a paste. Middle-click paste is the
default behavior on Unix systems, and a hidden option elsewhere.


Workaround
----------
Disable JavaScript or upgrade to fixed version.


References
----------
https://bugzilla.mozilla.org/show_bug.cgi?id=265728

Comment 4 Christopher Aillon 2005-04-28 16:26:59 EDT
Fixed in fc3 updates already.
