diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2005-09-25 01:31:47 +0000 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2005-09-25 01:31:47 +0000 |
| commit | ee280419e511495bc5dfbe3d5fea9366925778fd (patch) | |
| tree | 63952b8a068b6d30e381ad18a623ccaeeb4d5bb8 /data/DTSA/advs | |
| parent | 80e803e6d22fc15576411958af9ec1782efaecf8 (diff) | |
update the rest of the CVEs
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2174 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
| -rw-r--r-- | data/DTSA/advs/18-thunderbird.adv | 36 |
1 files changed, 31 insertions, 5 deletions
diff --git a/data/DTSA/advs/18-thunderbird.adv b/data/DTSA/advs/18-thunderbird.adv index bda6f97720..5ccce208f7 100644 --- a/data/DTSA/advs/18-thunderbird.adv +++ b/data/DTSA/advs/18-thunderbird.adv @@ -4,7 +4,7 @@ author: xxx vuln-type: multiple problem-scope: remote/local debian-specifc: yes/no -cve: CAN-2005-0989, CAN-2005-1159 +cve: CAN-2005-2968, CAN-2005-2266, CAN-2005-2265, CAN-2005-2261, CAN-2005-1532, CAN-2005-1160, CAN-2005-1159, CAN-2005-0989 vendor-advisory: testing-fix: xxx sid-fix: xxx @@ -12,12 +12,38 @@ upgrade: apt-get install xxx xxx multiline description here -CAN-2005-0989 - The find_replen function in the Javascript engine allows remote - attackers to read portions of heap memory in a Javascript string via - the lambda replace method. +CAN-2005-2968 + Thunderbird incorrectly escapes commands in input, fed to it through + the --compose option, which could lead to execution of arbitrary + shell commands. + +CAN-2005-2266 + Child frames may access parental frames, even if these are in + different access domains and may lead to information leakage of + cookies or pass words. + +CAN-2005-2265 + Incorrect type checks in InstallVersion.compareTo may lead to a + denial-of-service attack or possibly execution of arbitrary code. + +CAN-2005-2261 + XBL scripts are even run, if Javascript has been disabled. + +CAN-2005-1532 + Javascript is inproperly limits its privileges to the calling + context, which could lead to "non-DOM privilege override". + +CAN-2005-1160 + Overriding properties/methods of DOM nodes could lead to execution + of code with extended "chrome" privileges. CAN-2005-1159 Native function implementations are not verified, causing Javascript execution at improper memory addresses allowing denial of service and potentially arbitrary code execution + +CAN-2005-0989 + The find_replen function in the Javascript engine allows remote + attackers to read portions of heap memory in a Javascript string via + the lambda replace method. + |