[Gllug] weird 'spam' from Thunderbid

Chris Bell chrisbell at overview.demon.co.uk
Fri Oct 6 09:09:53 UTC 2006


On Fri 06 Oct, Chris Bell wrote:
> 
> On Thu 05 Oct, t.clarke wrote:
> > 
> > We are seeing some weird 'spam' from random users, all with headers
> > indicating that it emanated from 'Thunderbird'.   THe emails usually contain
> > a load of text extracted from a web page or something, plus a 'GIF' attachment.
> > They are being ignored,  but I wonder if anyone can throw any light on the
> > phenomonen.
> > 
> > Tim
> 
>    There has been a security update to Thunderbird, perhaps with good
> reason.
> 
> 
> > 
> > Date: Fri,  8 Sep 2006 07:50:27 +0200 (CEST)
> > From: Martin Schulze <joey at infodrom.org>
> > Reply-To: debian-security at lists.debian.org
> > Subject: [SECURITY] [DSA 1159-2] New Mozilla Thunderbird packages fix several proble
> ms

And another:


> Date: Thu,  5 Oct 2006 12:14:30 +0200 (CEST)
> From: Martin Schulze <joey at infodrom.org>
> Reply-To: debian-security at lists.debian.org
> Subject: [SECURITY] [DSA 1191-1] New Mozilla Thunderbird packages fix several vulnerabilities
> To: Debian Security Announcements <debian-security-announce at lists.debian.org>
> Resent-From: debian-security-announce at lists.debian.org
> Resent-Sender: debian-security-announce-request at lists.debian.org
> Resent-Date: Thu,  5 Oct 2006 05:17:14 -0500 (CDT)
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 1191-1                    security at debian.org
> http://www.debian.org/security/                             Martin Schulze
> October 5th, 2006                       http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
> 
> Package        : mozilla-thunderbird
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE IDs        : CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566
>                  CVE-2006-4568 CVE-2006-4570 CVE-2006-4571
> BugTraq ID     : 20042
> 
> Several security related problems have been discovered in Mozilla and
> derived products such as Mozilla Thunderbird.  The Common
> Vulnerabilities and Exposures project identifies the following
> vulnerabilities:
> 
> CVE-2006-2788
> 
>     Fernando Ribeiro discovered that a vulnerability in the getRawDER
>     functionallows remote attackers to cause a denial of service
>     (hang) and possibly execute arbitrary code.
> 
> CVE-2006-4340
> 
>     Daniel Bleichenbacher recently described an implementation error
>     in RSA signature verification that cause the application to
>     incorrectly trust SSL certificates.
> 
> CVE-2006-4565, CVE-2006-4566
> 
>     Priit Laes reported that that a JavaScript regular expression can
>     trigger a heap-based buffer overflow which allows remote attackers
>     to cause a denial of service and possibly execute arbitrary code.
> 
> CVE-2006-4568
> 
>     A vulnerability has been discovered that allows remote attackers
>     to bypass the security model and inject content into the sub-frame
>     of another site.
> 
> CVE-2006-4570
> 
>     Georgi Guninski demonstrated that even with JavaScript disabled in
>     mail (the default) an attacker can still execute JavaScript when a
>     mail message is viewed, replied to, or forwarded.
> 
> CVE-2006-4571
> 
>     Multiple unspecified vulnerabilities in Firefox, Thunderbird and
>     SeaMonkey allow remote attackers to cause a denial of service,
>     corrupt memory, and possibly execute arbitrary code.
> 


-- 
Chris Bell

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list