U radu programskog paketa Mozilla Thunderbird uočeno je više sigurnosnih propusta. Te je propuste moguće iskoristiti za pokretanje proizvoljnog programskog koda, neovlašten pristup lokalnim ili udaljenim resursima, i DoS napad.

   openSUSE Security Update: MozillaThunderbird: Update to Mozilla Thunderbird
3.1.14
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2011:1076-2
Rating:             important
References:         #720264 
Affected Products:
                    openSUSE 11.4
                    openSUSE 11.3
______________________________________________________________________________

   An update that contains security fixes can now be
   installed. It includes two new package versions.

Description:

   Mozilla Thunderbird was updated to version 3.1.14, fixing
   various bugs and security issues.

   MFSA 2011-36: Mozilla developers identified and fixed
   several memory safety bugs in the browser engine used in
   Firefox and other Mozilla-based products. Some of these
   bugs showed evidence of memory corruption under certain
   circumstances, and we presume that with enough effort at
   least some of these could be exploited to run arbitrary
   code.

   In general these flaws cannot be exploited through email in
   the Thunderbird and SeaMonkey products because scripting is
   disabled, but are potentially a risk in browser or
   browser-like contexts in those products.

   Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported
   memory safety problems that affected Firefox 3.6 and
   Firefox 6. (CVE-2011-2995)

   Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor
   Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous
   reported memory safety problems that affected Firefox 6,
   fixed in Firefox 7. (CVE-2011-2997)



   MFSA 2011-38: Mozilla developer Boris Zbarsky reported that
   a frame named "location" could shadow the window.location
   object unless a script in a page grabbed a reference to the
   true object before the frame was created. Because some
   plugins use the value of window.location to determine the
   page origin this could fool the plugin into granting the
   plugin content access to another site or the local file
   system in violation of the Same Origin Policy. This flaw
   allows circumvention of the fix added for MFSA 2010-10.
   (CVE-2011-2999)

   MFSA 2011-39: Ian Graham of Citrix Online reported that
   when multiple Location headers were present in a redirect
   response Mozilla behavior differed from other browsers:
   Mozilla would use the second Location header while Chrome
   and Internet Explorer would use the first. Two copies of
   this header with different values could be a symptom of a
   CRLF injection attack against a vulnerable server. Most
   commonly it is the Location header itself that is
   vulnerable to the response splitting and therefore the copy
   preferred by Mozilla is more likely to be the malicious
   one. It is possible, however, that the first copy was the
   injected one depending on the nature of the server
   vulnerability.

   The Mozilla browser engine has been changed to treat two
   copies of this header with different values as an error
   condition. The same has been done with the headers
   Content-Length and Content-Disposition. (CVE-2011-3000)

   MFSA 2011-40: Mariusz Mlynski reported that if you could
   convince a user to hold down the Enter key--as part of a
   game or test, perhaps--a malicious page could pop up a
   download dialog where the held key would then activate the
   default Open action. For some file types this would be
   merely annoying (the equivalent of a pop-up) but other file
   types have powerful scripting capabilities. And this would
   provide an avenue for an attacker to exploit a
   vulnerability in applications not normally exposed to
   potentially hostile internet content.

   Mariusz also reported a similar flaw with manual plugin
   installation using the PLUGINSPAGE attribute. It was
   possible to create an internal error that suppressed a
   confirmation dialog, such that holding enter would lead to
   the installation of an arbitrary add-on. (This variant did
   not affect Firefox 3.6)

   Holding enter allows arbitrary code execution due to
   Download Manager (CVE-2011-2372)

   Holding enter allows arbitrary extension installation
   (CVE-2011-3001)

   MFSA 2011-42: Security researcher Aki Helin reported a
   potentially exploitable crash in the YARR regular
   expression library used by JavaScript. (CVE-2011-3232)

   MFSA 2011-44: sczimmer reported that Firefox crashed when
   loading a particular .ogg file. This was due to a
   use-after-free condition and could potentially be exploited
   to install malware. (CVE-2011-3005)

   This vulnerability does not affect Firefox 3.6 or earlier.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch MozillaThunderbird-5204

   - openSUSE 11.3:

      zypper in -t patch MozillaThunderbird-5204

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.4 (i586 x86_64) [New Version: 3.1.15]:

      MozillaThunderbird-3.1.15-0.17.1
      MozillaThunderbird-buildsymbols-3.1.15-0.17.1
      MozillaThunderbird-devel-3.1.15-0.17.1
      MozillaThunderbird-translations-common-3.1.15-0.17.1
      MozillaThunderbird-translations-other-3.1.15-0.17.1
      enigmail-1.1.2+3.1.15-0.17.1

   - openSUSE 11.3 (i586 x86_64) [New Version: 3.1.15]:

      MozillaThunderbird-3.1.15-0.21.1
      MozillaThunderbird-devel-3.1.15-0.21.1
      MozillaThunderbird-translations-common-3.1.15-0.21.1
      MozillaThunderbird-translations-other-3.1.15-0.21.1
      enigmail-1.1.2+3.1.15-0.21.1


References:

   https://bugzilla.novell.com/720264

-- 
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.