Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-276-1)
Critical Nessus Plugin ID 21321
Synopsis
The remote Ubuntu host is missing one or more security-related patches.
Due to a flaw in the HTML tag parser, a specific sequence of HTML tags caused memory corruption. A malicious HTML email could exploit this to crash the browser or even execute arbitrary code with the user's privileges. (CVE-2006-0748)
An invalid ordering of table-related tags caused Thunderbird to use a negative array index. A malicious HTML email could exploit this to execute arbitrary code with the privileges of the user.
As a privacy measure to prevent senders (primarily spammers) from tracking when email is read, Thunderbird does not load remote content referenced from an HTML mail message until a user tells it to do so. This normally includes the content of frames and CSS files. It was discovered that it was possible to bypass this restriction by indirectly including remote content through an intermediate inline CSS script or frame. (CVE-2006-1045)
Georgi Guninski discovered that embedded XBL scripts could escalate their (normally reduced) privileges to get full privileges of the user if the email is viewed with 'Print Preview'. (CVE-2006-1727)
The crypto.generateCRMFRequest() function had a flaw that could be exploited to run arbitrary code with the user's privileges.
An integer overflow was detected in the handling of the CSS property 'letter-spacing'. A malicious HTML email could exploit this to run arbitrary code with the user's privileges. (CVE-2006-1730)
Several crashes that could be triggered by specially crafted HTML content and that involve memory corruption have been fixed. These could potentially be exploited to execute arbitrary code with the user's privileges. (CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)
The 'enigmail' plugin has been updated to work with the new Thunderbird and Mozilla versions.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected packages.