[Secure-testing-commits] r2174 - data/DTSA/advs

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Sep 25 01:31:48 UTC 2005


Author: jmm-guest
Date: 2005-09-25 01:31:47 +0000 (Sun, 25 Sep 2005)
New Revision: 2174

Modified:
   data/DTSA/advs/18-thunderbird.adv
Log:
update the rest of the CVEs


Modified: data/DTSA/advs/18-thunderbird.adv
===================================================================
--- data/DTSA/advs/18-thunderbird.adv	2005-09-25 01:28:53 UTC (rev 2173)
+++ data/DTSA/advs/18-thunderbird.adv	2005-09-25 01:31:47 UTC (rev 2174)
@@ -4,7 +4,7 @@
 vuln-type: multiple
 problem-scope: remote/local
 debian-specifc: yes/no
-cve: CAN-2005-0989, CAN-2005-1159
+cve: CAN-2005-2968, CAN-2005-2266, CAN-2005-2265, CAN-2005-2261, CAN-2005-1532, CAN-2005-1160, CAN-2005-1159, CAN-2005-0989
 vendor-advisory: 
 testing-fix: xxx
 sid-fix: xxx
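Review bot: The header fields around the updated cve: line are still template values: problem-scope: remote/local, debian-specifc: yes/no, testing-fix: xxx and sid-fix: xxx, and vendor-advisory: is empty. With eight identifiers now listed, pick a single value for the scope and Debian-specific fields and fill in the fixed versions before the advisory is generated. The key debian-specifc also looks like a misspelling of debian-specific. Confirm which spelling the advisory tooling expects, since the visible lines do not show it.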
@@ -12,12 +12,38 @@
 
 xxx multiline description here
 
+CAN-2005-2968
+  Thunderbird incorrectly escapes commands in input, fed to it through
+  the --compose option, which could lead to execution of arbitrary
+  shell commands.
+
+CAN-2005-2266
+  Child frames may access parental frames, even if these are in
+  different access domains and may lead to information leakage of
+  cookies or pass words.
+
+CAN-2005-2265
+  Incorrect type checks in InstallVersion.compareTo may lead to a
+  denial-of-service attack or possibly execution of arbitrary code.
+
+CAN-2005-2261
+  XBL scripts are even run, if Javascript has been disabled.
+
+CAN-2005-1532
+  Javascript is inproperly limits its privileges to the calling
+  context, which could lead to "non-DOM privilege override".
+
+CAN-2005-1160
+  Overriding properties/methods of DOM nodes could lead to execution
+  of code with extended "chrome" privileges.
+
+CAN-2005-1159
+  Native function implementations are not verified, causing Javascript 
+  execution at improper memory addresses allowing denial of service and 
+  potentially arbitrary code execution
+
 CAN-2005-0989
   The find_replen function in the Javascript engine allows remote
   attackers to read portions of heap memory in a Javascript string via
   the lambda replace method.
 
-CAN-2005-1159
-  Native function implementations are not verified, causing Javascript 
-  execution at improper memory addresses allowing denial of service and 
-  potentially arbitrary code execution
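Review bot: Several of the added descriptions need wording fixes before publication. In CAN-2005-1532, "Javascript is inproperly limits its privileges to the calling context" is ungrammatical and can be read either way; something like "Javascript privileges are not properly limited to the calling context" states the flaw. In CAN-2005-2266, "pass words" should be "passwords", and the sentence needs a comma before "and may lead". In CAN-2005-2261, "XBL scripts are even run, if Javascript has been disabled" reads better as "XBL scripts are run even if Javascript has been disabled". The moved CAN-2005-1159 entry still lacks its final period, and the context line "xxx multiline description here" above the list is still the template placeholder.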



