Vulnerability Bulletins |
Ejecución de código JavaScript arbitrario en Mozilla Thunderbird |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Aumento de la visibilidad |
Dificulty | Principiante |
Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software |
Mozilla Thunderbird <= 1.0.7 Mozilla Suite < 1.7.13 |
Description |
|
Se ha descubierto una vulnerabilidad en Mozilla Thunderbird 1.0.7 y anteriores. La vulnerabilidad reside en un error de validación de las comprobaciones de seguridad de JavaScript. Un atacante remoto podría ejecutar código JavaScript arbitrario y causar una denegación de servicio mediante un email especialmente diseñado. |
|
Solution |
|
Actualización de software Mandriva Mandrivalinux 2006 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.5.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.5.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.5.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.5.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.5.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.5.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.5.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.5.20060mdk.src.rpm Debian (Mozilla 1.7.8) Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5.dsc http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5.diff.gz http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_alpha.deb AMD64 http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_amd64.deb ARM http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_arm.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_i386.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_ia64.deb HP Precision http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_mips.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_s390.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_sparc.deb Sun (102550) / Mozilla 1.7 Mozilla 1.7 / Solaris 8 + 9 / SPARC / patch 120671-02 Mozilla 1.7 / Solaris 8 + 9 / x86 / patch 120672-02 Mozilla 1.7 / Solaris 10 / SPARC / patch 119115-19 Mozilla 1.7 / Solaris 10 / x86 / patch 119116-19 http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage |
|
Standar resources |
|
Property | Value |
CVE | CVE-2006-0884 |
BID | 16770 |
Other resources |
|
Sysdream http://www.sysdream.com/article.php?story_id=230§ion_id=78 Mozilla (mfsa2006-21) http://www.mozilla.org/security/announce/2006/mfsa2006-21.html Mandriva Security Advisory (MDKSA-2006:052) http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:052 Debian Security Advisory (DSA 1046-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00131.html Sun Alert Notification (102550) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2006-03-03 |
1.1 | Aviso emitido por Debian (DSA 1046-1) | 2006-04-27 |
1.2 | Aviso emitido por Sun (102550) | 2006-12-11 |