Debian DSA-781-1 : mozilla-thunderbird - several vulnerabilities
High Nessus Plugin ID 19478
SynopsisThe remote Debian host is missing a security-related update.
DescriptionSeveral problems have been discovered in Mozilla Thunderbird, the standalone mail client of the Mozilla suite. The Common Vulnerabilities and Exposures project identifies the following problems :
Remote attackers could override certain properties or methods of DOM nodes and gain privileges.
Missing input sanitising of InstallVersion.compareTo() can cause the application to crash.
Remote attackers could steal sensitive information such as cookies and passwords from websites by accessing data in alien frames.
Remote attackers could modify certain tag properties of DOM nodes that could lead to the execution of arbitrary script or code.
The Mozilla browser family does not properly clone base objects, which allows remote attackers to execute arbitrary code.
SolutionUpgrade the Mozilla Thunderbird package.
The old stable distribution (woody) is not affected by these problems since it does not contain Mozilla Thunderbird packages.
For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.6.