[Gllug] weird 'spam' from Thunderbid
Chris Bell
chrisbell at overview.demon.co.uk
Fri Oct 6 09:09:53 UTC 2006
On Fri 06 Oct, Chris Bell wrote:
>
> On Thu 05 Oct, t.clarke wrote:
> >
> > We are seeing some weird 'spam' from random users, all with headers
> > indicating that it emanated from 'Thunderbird'. THe emails usually contain
> > a load of text extracted from a web page or something, plus a 'GIF' attachment.
> > They are being ignored, but I wonder if anyone can throw any light on the
> > phenomonen.
> >
> > Tim
>
> There has been a security update to Thunderbird, perhaps with good
> reason.
>
>
> >
> > Date: Fri, 8 Sep 2006 07:50:27 +0200 (CEST)
> > From: Martin Schulze <joey at infodrom.org>
> > Reply-To: debian-security at lists.debian.org
> > Subject: [SECURITY] [DSA 1159-2] New Mozilla Thunderbird packages fix several proble
> ms
And another:
> Date: Thu, 5 Oct 2006 12:14:30 +0200 (CEST)
> From: Martin Schulze <joey at infodrom.org>
> Reply-To: debian-security at lists.debian.org
> Subject: [SECURITY] [DSA 1191-1] New Mozilla Thunderbird packages fix several vulnerabilities
> To: Debian Security Announcements <debian-security-announce at lists.debian.org>
> Resent-From: debian-security-announce at lists.debian.org
> Resent-Sender: debian-security-announce-request at lists.debian.org
> Resent-Date: Thu, 5 Oct 2006 05:17:14 -0500 (CDT)
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 1191-1 security at debian.org
> http://www.debian.org/security/ Martin Schulze
> October 5th, 2006 http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package : mozilla-thunderbird
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE IDs : CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566
> CVE-2006-4568 CVE-2006-4570 CVE-2006-4571
> BugTraq ID : 20042
>
> Several security related problems have been discovered in Mozilla and
> derived products such as Mozilla Thunderbird. The Common
> Vulnerabilities and Exposures project identifies the following
> vulnerabilities:
>
> CVE-2006-2788
>
> Fernando Ribeiro discovered that a vulnerability in the getRawDER
> functionallows remote attackers to cause a denial of service
> (hang) and possibly execute arbitrary code.
>
> CVE-2006-4340
>
> Daniel Bleichenbacher recently described an implementation error
> in RSA signature verification that cause the application to
> incorrectly trust SSL certificates.
>
> CVE-2006-4565, CVE-2006-4566
>
> Priit Laes reported that that a JavaScript regular expression can
> trigger a heap-based buffer overflow which allows remote attackers
> to cause a denial of service and possibly execute arbitrary code.
>
> CVE-2006-4568
>
> A vulnerability has been discovered that allows remote attackers
> to bypass the security model and inject content into the sub-frame
> of another site.
>
> CVE-2006-4570
>
> Georgi Guninski demonstrated that even with JavaScript disabled in
> mail (the default) an attacker can still execute JavaScript when a
> mail message is viewed, replied to, or forwarded.
>
> CVE-2006-4571
>
> Multiple unspecified vulnerabilities in Firefox, Thunderbird and
> SeaMonkey allow remote attackers to cause a denial of service,
> corrupt memory, and possibly execute arbitrary code.
>
--
Chris Bell
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list