This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 197078 - CVE-2006-2779 multiple Thunderbird issues (CVE-2006-2780, CVE-2006-2781, CVE-2006-2783,CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
CVE-2006-2779 multiple Thunderbird issues (CVE-2006-2780, CVE-2006-2781, CVE-...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: thunderbird (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Christopher Aillon
impact=moderate,source=mozilla,report...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-28 10:12 EDT by Josh Bressers
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version: RHSA-2006-0611
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-07-28 20:07:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2006-06-28 10:12:34 EDT
+++ This bug was initially created as a clone of Bug #196973 +++

These issues will remain unfixed in Thunderbird until we upgrade to Thunderbird
1.5. They are not additional issues, simply problems which are fixed as part of
the upgrade.

CVE-2006-2777 MFSA 2006-43
CVE-2006-2776 MFSA 2006-37
CVE-2006-2784 MFSA 2006-36
CVE-2006-2785 MFSA 2006-34
CVE-2006-2787 MFSA 2006-31
Several flaws were found in the way Thunderbird processes certain javascript
actions. A malicious HTML mail could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the mail to steal
sensitive information or install client malware. Please note that javascript is
disabled by default in Thunderbird.

CVE-2006-2783 MFSA 2006-42
A cross site scripting flaw was found in the way Thunderbird processes Unicode
Byte-order-Mark (BOM) markers in UTF-8 HTML email. A malicious HTML mail message
could execute a script within the browser that a web input sanitizer could
miss due to a malformed "script" tag.

CVE-2006-2782 MFSA 2006-41
A form file upload flaw was found in the way Thunderbird handles javascript
input object mutation. A malicious HTML mail message could upload an arbitrary
local file at form submission time without user interaction.

CVE-2006-2778 MFSA 2006-38
A denial of service flaw was found in the way Thunderbird calls the
crypto.signText() javascript function. A malicious HTML mail message could crash
the mail client if the victim had a client certificate loaded.

CVE-2006-2786 MFSA 2006-33
Two HTTP response smuggling flaws were found in the way Thunderbird processes
certain invalid HTTP response headers. A malicious web server could return
specially crafted HTTP response headers which may bypass HTTP proxy
restrictions.

CVE-2006-2788
A double free flaw was found in the way the nsIX509::getRawDER method is
called. If a victim views a carefully crafted HTML mail it is possible to
execute arbitrary code as the user running Mozilla. (CVE-2006-2788)
Comment 3 Josh Bressers 2006-07-12 16:22:14 EDT
These additional issues are being tracked via this bug


Text stolen from MITRE:

CVE-2006-2781
Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and
SeaMonkey before 1.0.2 allows remote attackers to cause a denial of
service (hang) and possibly execute arbitrary code via a VCard that
contains invalid base64 characters.

CVE-2006-2779
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via (1) nested <option> tags in a select tag, (2) a
DOMNodeRemoved mutation event, (3) "Content-implemented tree views,"
(4) BoxObjects, (5) the XBL implementation, (6) an iframe that
attempts to remove itself, which leads to memory corruption.

-- Additional comment from bressers@redhat.com on 2006-07-12 10:54 EST --
CVE-2006-2780
Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote
attackers to cause a denial of service (crash) and possibly execute arbitrary
code via "jsstr tagify," which leads to memory corruption.
Comment 4 Josh Bressers 2006-07-14 16:00:13 EDT
CVE-2006-2777 is now being tracked via bug 198934
Comment 5 Red Hat Bugzilla 2006-07-28 20:07:32 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0611.html

Note You need to log in before you can comment on or make changes to this bug.