[Gllug] weird 'spam' from Thunderbid
Chris Bell
chrisbell at overview.demon.co.uk
Fri Oct 6 09:00:49 UTC 2006
On Thu 05 Oct, t.clarke wrote:
>
> We are seeing some weird 'spam' from random users, all with headers
> indicating that it emanated from 'Thunderbird'. THe emails usually contain
> a load of text extracted from a web page or something, plus a 'GIF' attachment.
> They are being ignored, but I wonder if anyone can throw any light on the
> phenomonen.
>
> Tim
There has been a security update to Thunderbird, perhaps with good
reason.
>
> Date: Fri, 8 Sep 2006 07:50:27 +0200 (CEST)
> From: Martin Schulze <joey at infodrom.org>
> Reply-To: debian-security at lists.debian.org
> Subject: [SECURITY] [DSA 1159-2] New Mozilla Thunderbird packages fix several problems
> To: Debian Security Announcements <debian-security-announce at lists.debian.org>
> Resent-From: debian-security-announce at lists.debian.org
> Resent-Sender: debian-security-announce-request at lists.debian.org
> Resent-Date: Fri, 8 Sep 2006 00:57:27 -0500 (CDT)
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 1159-2 security at debian.org
> http://www.debian.org/security/ Martin Schulze
> September 8th, 2006 http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package : mozilla-thunderbird
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE IDs : CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807
> CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
> CERT advisories: VU#466673 VU#655892 VU#687396 VU#876420 VU#911004
> BugTraq IDs : 18228 19181
>
> The latest security updates of Mozilla Thunderbird introduced a
> regression that led to a disfunctional attachment panel which warrants
> a correction to fix this issue. For reference please find below the
> original advisory text:
>
> Several security related problems have been discovered in Mozilla and
> derived products such as Mozilla Thunderbird. The Common
> Vulnerabilities and Exposures project identifies the following
> vulnerabilities:
>
> CVE-2006-2779
>
> Mozilla team members discovered several crashes during testing of
> the browser engine showing evidence of memory corruption which may
> also lead to the execution of arbitrary code. The last bit of
> this problem will be corrected with the next update. You can
> prevent any trouble by disabling Javascript. [MFSA-2006-32]
>
> CVE-2006-3805
>
> The Javascript engine might allow remote attackers to execute
> arbitrary code. [MFSA-2006-50]
>
> CVE-2006-3806
>
> Multiple integer overflows in the Javascript engine might allow
> remote attackers to execute arbitrary code. [MFSA-2006-50]
>
> CVE-2006-3807
>
> Specially crafted Javascript allows remote attackers to execute
> arbitrary code. [MFSA-2006-51]
>
> CVE-2006-3808
>
> Remote AutoConfig (PAC) servers could execute code with elevated
> privileges via a specially crafted PAC script. [MFSA-2006-52]
>
> CVE-2006-3809
>
> Scripts with the UniversalBrowserRead privilege could gain
> UniversalXPConnect privileges and possibly execute code or obtain
> sensitive data. [MFSA-2006-53]
>
> CVE-2006-3810
>
> A cross-site scripting vulnerability allows remote attackers to
> inject arbitrary web script or HTML. [MFSA-2006-54]
>
--
Chris Bell
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list