Multiple vulnerabilities in Thunderbird 1.0.2

Bug #19078 reported by Alan Tam
Affects: mozilla-thunderbird (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned
Milestone: none

Bug Description

From http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=318728:

Thunderbird 1.0.5 (and now 1.0.6) fixes these nine security issues, some of
which are classified as critical by the Mozilla developers:

CAN-2005-2270: Code execution through shared function objects
CAN-2005-2269: XHTML node spoofing
CAN-2005-2266: Same origin violation: frame calling top.focus()
CAN-2005-2265: Possible exploitable crash in InstallVersion.compareTo()
CAN-2005-2261: XML scripts ran even when Javascript disabled
CAN-2005-1532: Privilege escalation via non-DOM property overrides
CAN-2005-1160: Privilege escalation via DOM property overrides
CAN-2005-1159: Missing Install object instance checks
CAN-2005-0989: Javascript "lambda" replace exposes memory contents

We should upload a new package with these fixes for both hoary and breezy.

Alan Tam (at) wrote:

1.0.6-0ubuntu1 uploaded to breezy. Marking fixed, but I don't think this is a
good process - no one ever cares about the bug.
