Ubuntu Security Notice - Thunderbird vulnerabilities (USN-352-1)

Discussion in 'other security issues & news' started by NICK ADSL UK, Sep 25, 2006.

Thread Status:
Not open for further replies.

    NICK ADSL UK Administrator

    Ubuntu Security Notice - Thunderbird vulnerabilities (USN-352-1)

    Ubuntu Security Notice USN-352-1 September 25, 2006
    mozilla-thunderbird vulnerabilities
    CVE-2006-4253, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566,
    CVE-2006-4567, CVE-2006-4570, CVE-2006-4571

    A security issue affects the following Ubuntu releases:

    Ubuntu 6.06 LTS

    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.

    The problem can be corrected by upgrading your system to the
    following package versions:

    Ubuntu 6.06 LTS:

    After a standard system upgrade you need to restart Thunderbird to
    effect the necessary changes.

    Details follow:

    Various flaws have been reported that allow an attacker to execute
    arbitrary code with user privileges by tricking the user into opening
    a malicious email containing JavaScript. Please note that JavaScript
    is disabled by default for emails, and it is not recommended to enable
    it. (CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4571)

    The NSS library did not sufficiently check the padding of PKCS #1 v1.5
    signatures if the exponent of the public key is 3 (which is widely
    used for CAs). This could be exploited to forge valid signatures
    without the need of the secret key. (CVE-2006-4340)
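
The padding check behind CVE-2006-4340, shown as an added example that is not part of the original post and is not NSS code: a lax PKCS #1 v1.5 check that ignores bytes after the digest, beside a strict check that rebuilds the whole block and compares it. SHA-1, the 128-byte modulus size, all function names and the sample blocks are assumptions made for illustration.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-1 (RFC 8017, section 9.2, note 1).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def recover_em(sig: int, n: int, e: int) -> bytes:
    """RSA public operation: sig^e mod n as a block the size of the modulus."""
    k = (n.bit_length() + 7) // 8
    return pow(sig, e, n).to_bytes(k, "big")

def encode_em(msg: bytes, k: int) -> bytes:
    """The single valid EMSA-PKCS1-v1_5 block for msg and a k-byte modulus."""
    t = SHA1_PREFIX + hashlib.sha1(msg).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def lax_check(em: bytes, msg: bytes) -> bool:
    """Insufficient: skips the padding, matches the digest, ignores the rest."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = SHA1_PREFIX + hashlib.sha1(msg).digest()
    return em[i + 1 : i + 1 + len(t)] == t  # bytes after the digest unchecked

def strict_check(em: bytes, msg: bytes) -> bool:
    """Sufficient: rebuild the expected block and compare every byte."""
    try:
        return hmac.compare_digest(em, encode_em(msg, len(em)))
    except ValueError:
        return False

def constructed_samples(msg: bytes = b"constructed test message", k: int = 128):
    """Constructed blocks (not real signatures): one valid, one malformed."""
    t = SHA1_PREFIX + hashlib.sha1(msg).digest()
    short_pad = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    malformed = short_pad + b"\x00" * (k - len(short_pad))
    return msg, encode_em(msg, k), malformed

if __name__ == "__main__":
    msg, good, bad = constructed_samples()
    for name, em in (("valid", good), ("malformed", bad)):
        print(name, "lax:", lax_check(em, msg), "strict:", strict_check(em, msg))
```

A verifier would pass the output of `recover_em` to `strict_check`; because exactly one block is valid for a given message and modulus size, a whole-block comparison leaves no unchecked bytes.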
