From ee280419e511495bc5dfbe3d5fea9366925778fd Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Sun, 25 Sep 2005 01:31:47 +0000 Subject: update the rest of the CVEs git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2174 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/DTSA/advs/18-thunderbird.adv | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) (limited to 'data/DTSA/advs') diff --git a/data/DTSA/advs/18-thunderbird.adv b/data/DTSA/advs/18-thunderbird.adv index bda6f97720..5ccce208f7 100644 --- a/data/DTSA/advs/18-thunderbird.adv +++ b/data/DTSA/advs/18-thunderbird.adv @@ -4,7 +4,7 @@ author: xxx vuln-type: multiple problem-scope: remote/local debian-specifc: yes/no -cve: CAN-2005-0989, CAN-2005-1159 +cve: CAN-2005-2968, CAN-2005-2266, CAN-2005-2265, CAN-2005-2261, CAN-2005-1532, CAN-2005-1160, CAN-2005-1159, CAN-2005-0989 vendor-advisory: testing-fix: xxx sid-fix: xxx 
@@ -12,12 +12,38 @@ upgrade: apt-get install xxx xxx multiline description here -CAN-2005-0989 - The find_replen function in the Javascript engine allows remote - attackers to read portions of heap memory in a Javascript string via - the lambda replace method. +CAN-2005-2968 + Thunderbird incorrectly escapes commands in input, fed to it through + the --compose option, which could lead to execution of arbitrary + shell commands. + +CAN-2005-2266 + Child frames may access parental frames, even if these are in + different access domains and may lead to information leakage of + cookies or pass words. + +CAN-2005-2265 + Incorrect type checks in InstallVersion.compareTo may lead to a + denial-of-service attack or possibly execution of arbitrary code. + +CAN-2005-2261 + XBL scripts are even run, if Javascript has been disabled. + +CAN-2005-1532 + Javascript is inproperly limits its privileges to the calling + context, which could lead to "non-DOM privilege override". + +CAN-2005-1160 + Overriding properties/methods of DOM nodes could lead to execution + of code with extended "chrome" privileges. CAN-2005-1159 Native function implementations are not verified, causing Javascript execution at improper memory addresses allowing denial of service and potentially arbitrary code execution + +CAN-2005-0989 + The find_replen function in the Javascript engine allows remote + attackers to read portions of heap memory in a Javascript string via + the lambda replace method. + -- cgit v1.2.3
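Review bot: In the first hunk (@@ -4,7 +4,7 @@), the context lines around the updated cve: field still hold template placeholders: author: xxx, problem-scope: remote/local, debian-specifc: yes/no, testing-fix: xxx, sid-fix: xxx, and an empty vendor-advisory:. With eight CVE ids now listed, the advisory reads as near-final, so these should be filled in (or the file marked as a draft) before it is published; the fixed-version fields in particular are what a reader needs to decide whether they are exposed. It is also worth checking whether the key spelling debian-specifc is what the advisory tooling expects or a typo carried over from the template.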
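Review bot: In the second hunk (@@ -12,12 +12,38 @@), several of the added description lines have wording errors that would ship in the advisory text. Under CAN-2005-2266, "pass words" should be "passwords"; under CAN-2005-2261, "XBL scripts are even run, if Javascript has been disabled." reads better as "XBL scripts are run even if Javascript has been disabled."; under CAN-2005-1532, "Javascript is inproperly limits its privileges" is ungrammatical and misspells "improperly", so the sentence should be rewritten so that the subject and verb agree. The context lines "upgrade: apt-get install xxx" and "multiline description here" are still template placeholders and sit directly above the new CVE entries, and the CAN-2005-1159 paragraph ends without a full stop, unlike the entries added around it.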