Multiple vulnerabilities in Thunderbird 1.0.2
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mozilla-thunderbird (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
From http://
Thunderbird 1.0.5 (and now 1.0.6) fixes these nine security issues, some of
which are classified as critical by the Mozilla developers:
CAN-2005-2270: Code execution through shared function objects
CAN-2005-2269: XHTML node spoofing
CAN-2005-2266: Same origin violation: frame calling top.focus()
CAN-2005-2265: Possible exploitable crash in InstallVersion.
CAN-2005-2261: XML scripts ran even when Javascript disabled
CAN-2005-1532: Privilege escalation via non-DOM property overrides
CAN-2005-1160: Privilege escalation via DOM property overrides
CAN-2005-1159: Missing Install object instance checks
CAN-2005-0989: Javascript "lambda" replace exposes memory contents
We should upload a new package with these fixes for both hoary and breezy.
1.0.6-0ubuntu1 uploaded to breezy. Marking fixed, but I don't think this is a
good process - no one ever cares about the bug.