[Gllug] weird 'spam' from Thunderbid

Chris Bell chrisbell at overview.demon.co.uk
Fri Oct 6 09:00:49 UTC 2006


On Thu 05 Oct, t.clarke wrote:
> 
> We are seeing some weird 'spam' from random users, all with headers
> indicating that it emanated from 'Thunderbird'.   THe emails usually contain
> a load of text extracted from a web page or something, plus a 'GIF' attachment.
> They are being ignored,  but I wonder if anyone can throw any light on the
> phenomonen.
> 
> Tim

   There has been a security update to Thunderbird, perhaps with good
reason.


> 
> Date: Fri,  8 Sep 2006 07:50:27 +0200 (CEST)
> From: Martin Schulze <joey at infodrom.org>
> Reply-To: debian-security at lists.debian.org
> Subject: [SECURITY] [DSA 1159-2] New Mozilla Thunderbird packages fix several problems
> To: Debian Security Announcements <debian-security-announce at lists.debian.org>
> Resent-From: debian-security-announce at lists.debian.org
> Resent-Sender: debian-security-announce-request at lists.debian.org
> Resent-Date: Fri,  8 Sep 2006 00:57:27 -0500 (CDT)
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 1159-2                    security at debian.org
> http://www.debian.org/security/                             Martin Schulze
> September 8th, 2006                     http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
> 
> Package        : mozilla-thunderbird
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE IDs        : CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807
>                  CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
> CERT advisories: VU#466673 VU#655892 VU#687396 VU#876420 VU#911004
> BugTraq IDs    : 18228 19181
> 
> The latest security updates of Mozilla Thunderbird introduced a
> regression that led to a disfunctional attachment panel which warrants
> a correction to fix this issue.  For reference please find below the
> original advisory text:
> 
>   Several security related problems have been discovered in Mozilla and
>   derived products such as Mozilla Thunderbird.  The Common
>   Vulnerabilities and Exposures project identifies the following
>   vulnerabilities:
> 
>   CVE-2006-2779
> 
>       Mozilla team members discovered several crashes during testing of
>       the browser engine showing evidence of memory corruption which may
>       also lead to the execution of arbitrary code.  The last bit of
>       this problem will be corrected with the next update.  You can
>       prevent any trouble by disabling Javascript.  [MFSA-2006-32]
> 
>   CVE-2006-3805
> 
>       The Javascript engine might allow remote attackers to execute
>       arbitrary code.  [MFSA-2006-50]
> 
>   CVE-2006-3806
> 
>       Multiple integer overflows in the Javascript engine might allow
>       remote attackers to execute arbitrary code.  [MFSA-2006-50]
> 
>   CVE-2006-3807
> 
>       Specially crafted Javascript allows remote attackers to execute
>       arbitrary code.  [MFSA-2006-51]
> 
>   CVE-2006-3808
> 
>       Remote AutoConfig (PAC) servers could execute code with elevated
>       privileges via a specially crafted PAC script.  [MFSA-2006-52]
> 
>   CVE-2006-3809
> 
>       Scripts with the UniversalBrowserRead privilege could gain
>       UniversalXPConnect privileges and possibly execute code or obtain
>       sensitive data.  [MFSA-2006-53]
> 
>   CVE-2006-3810
> 
>       A cross-site scripting vulnerability allows remote attackers to
>       inject arbitrary web script or HTML.  [MFSA-2006-54]
> 

-- 
Chris Bell

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list