---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package. http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Ubuntu update for mozilla-thunderbird SECUNIA ADVISORY ID: SA21210 VERIFY ADVISORY: http://secunia.com/advisories/21210/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, System access WHERE: >From remote OPERATING SYSTEM: Ubuntu Linux 6.06 http://secunia.com/product/10611/ Ubuntu Linux 5.10 http://secunia.com/product/6606/ Ubuntu Linux 5.04 http://secunia.com/product/5036/ DESCRIPTION: Ubuntu has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP response smuggling attacks, and potentially compromise a user's system. For more information: SA14938 SA20382 SOLUTION: Apply updated packages. -- Ubuntu 5.04 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.04.1.diff.gz Size/MD5: 98300 a4dffa1705bd280224188e7bbc7781dd http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.04.1.dsc Size/MD5: 946 7eebd4d62af685dd0ce74d5ff741c92c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8.orig.tar.gz Size/MD5: 32849510 ae345f1b722d8f3a977af4fd358d27b0 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.04.1_amd64.deb Size/MD5: 3347854 519c296b742dc6e6d5c308b0b6c5a433 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.04.1_amd64.deb Size/MD5: 145244 9a8d5c4ade62afdb187022df1b188099 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.04.1_amd64.deb Size/MD5: 27718 aa28f71d2133d0810bbf166d86c68dc7 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.04.1_amd64.deb Size/MD5: 82728 55ede40f0e71d287cfabe73492b3a71a http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.04.1_amd64.deb Size/MD5: 11959242 c6acc1fa0785193f037fb35a14f7505e i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.04.1_i386.deb Size/MD5: 3341642 18916c1156df514eb6b538ec63737a8d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.04.1_i386.deb Size/MD5: 140326 b2f8c499a4b160e6131d2fb2278e54b5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.04.1_i386.deb Size/MD5: 27724 6bab59d8db842eee01a411c256b64cd8 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.04.1_i386.deb Size/MD5: 80468 114885d918a10761414adafc506be2e5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.04.1_i386.deb Size/MD5: 10911294 67ab1c44fe9a3d164e0c79755365e2bf powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.04.1_powerpc.deb Size/MD5: 3337162 85e96f1fe254dc69170d3fc814110cd2 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.04.1_powerpc.deb Size/MD5: 139122 0ac4864a4c69045c43b37aad80f3336d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.04.1_powerpc.deb Size/MD5: 27732 b4103fcdfef1107966f21b8a857dc01f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.04.1_powerpc.deb Size/MD5: 74682 8f14928b2be37c12e205be1389749e0d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.04.1_powerpc.deb Size/MD5: 10453746 f728c125a4ccf1d556ffd9cc39539055 -- Ubuntu 5.10 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.10.2.diff.gz Size/MD5: 100417 c3f0f93e338ff900b5ccec2515d0c43b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.10.2.dsc Size/MD5: 919 5945fce5d3140112099d74b56537666b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8.orig.tar.gz Size/MD5: 32849510 ae345f1b722d8f3a977af4fd358d27b0 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.10.2_amd64.deb Size/MD5: 3294738 7340b5b39e4954d5c6284e04229e6632 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.10.2_amd64.deb Size/MD5: 146796 030b130217cd4b0cec9fd2e0c5239a0d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.10.2_amd64.deb Size/MD5: 28266 11631a9ac55712b21a03470fe424e480 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.10.2_amd64.deb Size/MD5: 86278 4059ff0cb8da24cbd92d72accd3f2d67 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.10.2_amd64.deb Size/MD5: 11977184 6d77be91b8c0e9b06cf0cec0c8483998 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.10.2_i386.deb Size/MD5: 3288954 2ced47739fac731f7347e497492df79e http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.10.2_i386.deb Size/MD5: 140348 f8b1ccb61ef81ba4b583f10369b82aee http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.10.2_i386.deb Size/MD5: 28262 ed05e4d9845d11e42062acd9d79e3a3b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.10.2_i386.deb Size/MD5: 77656 586525c74b61275a49b3f91a549c31b4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.10.2_i386.deb Size/MD5: 10380218 64dc49a7e9e75326164ca589aad327f1 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.10.2_powerpc.deb Size/MD5: 3286824 49338b4f633089ec3119f8a341992751 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.10.2_powerpc.deb Size/MD5: 140438 401fc8d07b433ac4d71a9a37c9f086a7 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.10.2_powerpc.deb Size/MD5: 28272 900eb236bc7e85f4d99177f12d0084f4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.10.2_powerpc.deb Size/MD5: 77364 c7b1e38a5d83594885bbeb987b477865 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.10.2_powerpc.deb Size/MD5: 10489086 b2665fa914781ad11bf4e826c5825a1a sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.8-0ubuntu05.10.2_sparc.deb Size/MD5: 3286920 dd3b7e55abd608360b81e0db14b4376f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.8-0ubuntu05.10.2_sparc.deb Size/MD5: 138920 2709c330b93517f8dfa3676ee1f2aa92 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.8-0ubuntu05.10.2_sparc.deb Size/MD5: 28268 feba2248d1093bed5fa21f463a8ea3a0 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.8-0ubuntu05.10.2_sparc.deb Size/MD5: 75314 d609546dfa5ff12c5e5c4a0e33efbf34 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.8-0ubuntu05.10.2_sparc.deb Size/MD5: 10165076 b9aaeb254fb107435156f01d70b64e9e -- Ubuntu 6.06 LTS -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.4-0ubuntu6.06.diff.gz Size/MD5: 454199 909966693eff8a078ba864ad117ce739 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.4-0ubuntu6.06.dsc Size/MD5: 958 e4f852b4bab77b9623cc341c20bc09d9 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.4.orig.tar.gz Size/MD5: 35231284 243305d4d6723a45fcb1028caa3abca6 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.94-0ubuntu4.1.diff.gz Size/MD5: 20665 cdfe87eb65540f718072e34e02934992 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.94-0ubuntu4.1.dsc Size/MD5: 782 8fb6b5df3c43f49a66ccf53ba5668b30 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.94.orig.tar.gz Size/MD5: 3126659 7e34cbe51f5a1faca2e26fa0edfd6a06 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 3524682 33dc00f09c6696c30931de5d6ac3c0a4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 193242 b8590336a65d0291a23f867b82b26c3f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 58462 b01403276bf1092b1ccf0cad7baa72f9 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 11962546 0ddac2ea690038906b1ffcd6344b7f39 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.94-0ubuntu4.1_amd64.deb Size/MD5: 335026 b1b887ea96c5e241bbe5467ff496afbc i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 3516762 0d23ea5ccb664172eae44f152e68ccea http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 186610 53006a42e988e1f6094c3205a94a70ec http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 53966 d30216cff318235c7111983113c55f0e http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 10269436 515e159ef36b150458d9fe96a839fab1 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.94-0ubuntu4.1_i386.deb Size/MD5: 322588 8f6e39daed993d2f8aec8fd50878847d powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 3521642 e1ac4e93a87b4ddaa6176da12c927884 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 189958 6eae0743502e13782001bc3979388e83 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 57556 660594aff823a3a77abeb2ee87693c4c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 11536352 128dbafe11cebc0b64233272e351be9c http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.94-0ubuntu4.1_powerpc.deb Size/MD5: 326082 5f737efbb2625db219376e7ade40a731 ORIGINAL ADVISORY: http://www.ubuntu.com/usn/usn-297-3 OTHER REFERENCES: SA14938: http://secunia.com/advisories/14938/ SA20382: http://secunia.com/advisories/20382/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------