mozilla/thunderbird
PUBLIC
=========================================================================
ACROS Security Problem Report #2011-08-18-2
-------------------------------------------------------------------------
ASPR #2011-08-18-2: Remote Binary Planting in Mozilla Thunderbird
=========================================================================
Document ID: ASPR #2011-08-18-2-PUB
Vendor: Mozilla (http://www.mozilla.org)
Target: Mozilla Thunderbird
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Thunderbird: Multiple vulnerabilities
Date: November 18, 2007
Bugs: #196481
ID: 200711-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Mandriva Linux Security Advisory MDVSA-2010:071
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : April 23, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0
_______________________________________________________________________
Problem Description:
Background
==========
Mozilla Firefox is an open-source web browser from the Mozilla Project,
and Mozilla Thunderbird an email client. The SeaMonkey project is a
community effort to deliver production-quality releases of code derived
from the application formerly known as the 'Mozilla Application Suite'.
XULRunner is a Mozilla runtime package that can be used to bootstrap
XUL+XPCOM applications like Firefox and Thunderbird.
user-assisted execution of arbitrary code.
Background
==========
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
'Mozilla Application Suite'. XULRunner is a Mozilla runtime package
that can be used to bootstrap XUL+XPCOM applications like Firefox and
Mandriva Linux Security Advisory MDVSA-2009:083
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : April 1, 2009
Affected: 2008.1, 2009.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
===========================================================
Ubuntu Security Notice USN-536-1 October 23, 2007
mozilla-thunderbird, thunderbird vulnerabilities
CVE-2006-2894, CVE-2007-1095, CVE-2007-2292, CVE-2007-3511,
CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339,
CVE-2007-5340
===========================================================
A security issue affects the following Ubuntu releases:
===========================================================
Ubuntu Security Notice USN-582-1 February 29, 2008
mozilla-thunderbird, thunderbird vulnerabilities
CVE-2008-0304, CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,
CVE-2008-0418, CVE-2008-0420
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
===========================================================
Ubuntu Security Notice USN-503-1 August 24, 2007
mozilla-thunderbird vulnerabilities
CVE-2007-3670, CVE-2007-3734, CVE-2007-3735, CVE-2007-3844,
CVE-2007-3845
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
===========================================================
Ubuntu Security Notice USN-582-2 March 06, 2008
mozilla-thunderbird
https://launchpad.net/bugs/197504
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Mandriva Linux Security Advisory MDVSA-2009:141
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : June 17, 2009
Affected: 2009.0, 2009.1, Corporate 3.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2008:155-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : July 27, 2008
Affected: 2008.0, 2008.1
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:216
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : August 23, 2009
Affected: Corporate 3.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:012
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : January 15, 2009
Affected: 2008.1, 2009.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2008:206
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : September 26, 2008
Affected: 2008.0, 2008.1, Corporate 3.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2008:235
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : November 20, 2008
Affected: 2008.1, 2009.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2008:062
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : March 6, 2008
Affected: 2007.1, 2008.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2007:047
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : February 19, 2008
Affected: 2007.1, 2008.0
_______________________________________________________________________
Problem Description:
===========================================================
Ubuntu Security Notice USN-629-1 July 25, 2008
mozilla-thunderbird, thunderbird vulnerabilities
CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802,
CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Package : icedove
Debian Bug : 671408 671410
The latest security update, DSA-2464-1, for Icedove, Debian's version
of the Mozilla Thunderbird mail client, contained a regression: the
removal of UTF-7 support resulted in incorrect display of IMAP folder
names.
For the stable distribution (squeeze), this problem has been fixed in
version 3.0.11-1+squeeze10.
===========================================================
Ubuntu Security Notice USN-647-1 September 26, 2008
mozilla-thunderbird, thunderbird vulnerabilities
CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,
CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064,
CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068,
CVE-2008-4070
===========================================================
A security issue affects the following Ubuntu releases:
===========================================================
Ubuntu Security Notice USN-605-1 May 06, 2008
mozilla-thunderbird, thunderbird vulnerabilities
CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236,
CVE-2008-1237
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Mandriva Linux Security Advisory MDVSA-2008:155
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : July 25, 2008
Affected: 2008.0, 2008.1, Corporate 3.0
_______________________________________________________________________
Problem Description:
- FreeBSD
- MacOSX
- Google Chrome
- Mozilla Firefox
- Mozilla Seamonkey
- Mozilla Thunderbird
- Mozilla Sunbird
- Mozilla Camino
- KDE (example: konqueror)
- Opera
- K-Meleon
certificate (not from a trusted CA) can be generated with an AIA
(Authority Information Access) extension containing a URL controlled
by the malicious sender. By doing that the sender will immediately
know when the message recipient read the message on Outlook. I
performed some tests that confirmed this scenario. Other e-mail
clients like Mozilla Thunderbird and Lotus Notes have not presented
the same behavior. It seems that only Outlook implements this part of
RFC2459. It's behaving in the right way, but I believe that the user
should have the ability to disable it.
Here is a sample of a web access from the recipient of a message
Mandriva Linux Security Advisory MDVSA-2010:211
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : October 22, 2010
Affected: 2009.0, 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2010:051
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : March 1, 2010
Affected: 2008.0, 2009.1, 2010.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2011:042
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : March 7, 2011
Affected: 2009.0, 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 26, 2008
I. BACKGROUND
Mozilla Thunderbird is an open source electronic mail client and news
reader. Multipurpose Internet Message Extensions (MIME) is a standard
that defines how non-text attachments and other data are handled in
electronic mail. The external-body MIME type is used for retrieving a
resource that is referenced in the message, such as an attachment. For
more information, see the vendor's website at the following URL.