Launchpad.net

CVE 2005-2353

run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.

Related bugs and status

CVE-2005-2353 (Candidate) is related to these bugs:

Bug #15339: mozilla-thunderbird: FTBFS (gcc-4.0/amd64/ppc64): array type has incomplete element type

Summary				In	Importance	Status
	15339	mozilla-thunderbird: FTBFS (gcc-4.0/amd64/ppc64): array type has incomplete element type		mozilla-thunderbird (Ubuntu)	High	Fix Released
	15339	mozilla-thunderbird: FTBFS (gcc-4.0/amd64/ppc64): array type has incomplete element type		mozilla-thunderbird (Debian)	Unknown	Fix Released

Bug #20324: mozilla-thunderbird: Multiple security problems (fixed in sarge/sid, not-fixed in etch)

Summary				In	Importance	Status
	20324	mozilla-thunderbird: Multiple security problems (fixed in sarge/sid, not-fixed in etch)		mozilla-thunderbird (Ubuntu)	High	Fix Released
	20324	mozilla-thunderbird: Multiple security problems (fixed in sarge/sid, not-fixed in etch)		mozilla-thunderbird (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MANDRIVA: MDKSA-2005:173
MANDRIVA: MDKSA-2005:174
DEBIAN: DSA-1046
SECUNIA: 19863
DEBIAN: DSA-1051
BID: 14443
SECUNIA: 19941
UBUNTU: USN-157-1