.:[ packet storm ]:.
                           
honesty is the best policy
honesty is the best policy

 ///  File Name:USN-668-1.txt
Description:
Ubuntu Security Notice USN-668-1 - Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Thunderbird could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on the user's computer. Jesse Ruderman discovered that Thunderbird did not properly guard locks on non-native objects. If a user had JavaScript enabled and were tricked into opening malicious web content, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. Several problems were discovered in the browser, layout and JavaScript engines. If a user had JavaScript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. A flaw was discovered in Thunderbird's DOM constructing code. If a user were tricked into opening a malicious website while having JavaScript enabled, an attacker could cause the browser to crash and potentially execute arbitrary code with user privileges. It was discovered that the same-origin check in Thunderbird could be bypassed. If a user had JavaScript enabled and were tricked into opening malicious web content, an attacker could execute JavaScript in the context of a different website. Chris Evans discovered that Thunderbird did not properly parse E4X documents, leading to quote characters in the namespace not being properly escaped. Boris Zbarsky discovered that Thunderbird did not properly process comments in forwarded in-line messages. If a user had JavaScript enabled and opened a malicious email, an attacker may be able to obtain information about the recipient.
Homepage:http://security.ubuntu.com/
File Size:19008
Related CVE(s):CVE-2008-5012, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024
Last Modified:Nov 26 15:22:02 2008
MD5 Checksum:86972d3d7c0f6b2330b74a6aa3ae351a

 .:. Back
 

 ///  Last 10 Files
  1. :· FreeBSD-SA-09-01.lukemftpd.txt
  2. :· FreeBSD-SA-09-02.openssl.txt
  3. :· USN-704-1.txt
  4. :· CA20090107-01.txt
  5. :· dsa-1697-1.txt
  6. :· dsa-1696-1.txt
  7. :· quotebook-disclose.txt
  8. :· cts2009-cfp.txt
  9. :· cisco-sa-20090107-gss.txt
  10. :· secadv_20090107.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Advisories
  1. :· FreeBSD-SA-09-01.lukemftpd.txt
  2. :· FreeBSD-SA-09-02.openssl.txt
  3. :· USN-704-1.txt
  4. :· CA20090107-01.txt
  5. :· dsa-1697-1.txt
  6. :· dsa-1696-1.txt
  7. :· cisco-sa-20090107-gss.txt
  8. :· secadv_20090107.txt
  9. :· oCERT-2008-016.txt
  10. :· msienull-dos.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Exploits
  1. :· quotebook-disclose.txt
  2. :· SN-2008-04.txt
  3. :· winamp-overflow.txt
  4. :· phpfusionecart-sql.txt
  5. :· audacity162-crash.txt
  6. :· perceptionliteserve-overflow.txt
  7. :· phpfusionmembers-sql.txt
  8. :· vuplayer249-overflow.txt
  9. :· joomla-traversal.txt
  10. :· cainabel4925-overflow.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Tools
  1. :· ip-array_0.05.74c.tar.gz
  2. :· mandos_1.0.3.orig.tar.gz
  3. :· lfi-rfi2.txt
  4. :· tor.uclibc.i686.20090105.iso
  5. :· RFIDIOt-0.1v.tgz
  6. :· ratproxy-1.53.tar.gz
  7. :· opennhrp-0.9.2.tar.bz2
  8. :· rkhunter-1.3.4.tar.gz
  9. :· zerowine-0.0.1.tar.gz
  10. :· inguma-0.1.1.tar.gz
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Misc
  1. :· cts2009-cfp.txt
  2. :· seacureit-cfp2009.txt
  3. :· msfxdc-contest.txt
  4. :· valsmith_colin_blog_spam.pdf
  5. :· dquist_valsmith_further_down_the_vm_spiral.pdf
  6. :· valsmith_dquist_hacking_malware.pdf
  7. :· uCon2009-CFP.txt
  8. :· md5-considered-harmful.pdf
  9. :· clickjack-xss.txt
  10. :· w3af-userguide.pdf
[ Last 20 | Last 50 | Last 100 ]


 .:. TopPrivacy Statement | Copyright Notice