[USN-1122-3] Thunderbird regression
Posted on 06 June 2011

============================================================================
Ubuntu Security Notice USN-1122-3
June 06, 2011

thunderbird regression
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

An empty menu bar sometimes appeared after upgrade in USN-1122-2.

Software Description:

- thunderbird: mail/news client with RSS and integrated spam filter support

Details:

USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A
regression was introduced which caused Thunderbird to display an empty menu
bar. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that there was a vulnerability in the memory handling of
certain types of content. An attacker could exploit this to possibly run
arbitrary code as the user running Thunderbird. (CVE-2011-0081)

It was discovered that Thunderbird incorrectly handled certain JavaScript
requests. If JavaScript were enabled, an attacker could exploit this to
possibly run arbitrary code as the user running Thunderbird.
(CVE-2011-0069)

Ian Beer discovered a vulnerability in the memory handling of certain
types of documents. An attacker could exploit this to possibly run
arbitrary code as the user running Thunderbird. (CVE-2011-0070)

Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman
discovered several memory vulnerabilities. An attacker could exploit these
to possibly run arbitrary code as the user running Thunderbird.
(CVE-2011-0080)

Aki Helin discovered multiple vulnerabilities in the HTML rendering code.
An attacker could exploit these to possibly run arbitrary code as the user
running Thunderbird. (CVE-2011-0074, CVE-2011-0075)

Ian Beer discovered multiple overflow vulnerabilities. An attacker could
exploit these to possibly run arbitrary code as the user running
Thunderbird. (CVE-2011-0077, CVE-2011-0078)

Martin Barbella discovered a memory vulnerability in the handling of
certain DOM elements. An attacker could exploit this to possibly run
arbitrary code as the user running Thunderbird. (CVE-2011-0072)

It was discovered that there were use-after-free vulnerabilities in
Thunderbird's mChannel and mObserverList objects. An attacker could exploit
these to possibly run arbitrary code as the user running Thunderbird.
(CVE-2011-0065, CVE-2011-0066)

It was discovered that there was a vulnerability in the handling of the
nsTreeSelection element. An attacker sending a specially crafted E-Mail
could exploit this to possibly run arbitrary code as the user running
Thunderbird. (CVE-2011-0073)

Paul Stone discovered a vulnerability in the handling of Java applets. If
plugins were enabled, an attacker could use this to mimic interaction with
form autocomplete controls and steal entries from the form history.
(CVE-2011-0067)

Soroush Dalili discovered a vulnerability in the resource: protocol. This
could potentially allow an attacker to load arbitrary files that were
accessible to the user running Thunderbird. (CVE-2011-0071)

Chris Evans discovered a vulnerability in Thunderbird's XSLT generate-id()
function. An attacker could possibly use this vulnerability to make other
attacks more reliable. (CVE-2011-1202)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  thunderbird-globalmenu 3.1.10+build1+nobinonly-0ubuntu0.11.04.2

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References:
  https://launchpad.net/bugs/777619

Package Information:
  https://launchpad.net/ubuntu/+source/thunderbird/3.1.10+build1+nobinonly-0ubuntu0.11.04.2