Home / mailingsPDF  

[USN-1369-1] Thunderbird vulnerabilities

Posted on 18 February 2012
Ubuntu Security

==========================
==========================
========================
Ubuntu Security Notice USN-1369-1
February 17, 2012

thunderbird vulnerabilities
==========================
==========================
========================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Nicolas Gregoire and Aki Helin discovered that when processing a malforme=
d
embedded XSLT stylesheet, Thunderbird can crash due to memory corruption.=

If the user were tricked into opening a specially crafted page, an attack=
er
could exploit this to cause a denial of service via application crash, or=

potentially execute code with the privileges of the user invoking
Thunderbird. (CVE-2012-0449)

It was discovered that memory corruption could occur during the decoding =
of
Ogg Vorbis files. If the user were tricked into opening a specially craft=
ed
file, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the=

user invoking Thunderbird. (CVE-2012-0444)

Tim Abraldes discovered that when encoding certain image types the
resulting data was always a fixed size. There is the possibility of
sensitive data from uninitialized memory being appended to these images.
(CVE-2012-0447)

It was discovered that Thunderbird did not properly perform XPConnect
security checks. An attacker could exploit this to conduct cross-site
scripting (XSS) attacks through web pages and Thunderbird extensions. Wit=
h
cross-site scripting vulnerabilities, if a user were tricked into viewing=
a
specially crafted page, a remote attacker could exploit this to modify th=
e
contents, or steal confidential data, within the same domain.
(CVE-2012-0446)

It was discovered that Thunderbird did not properly handle node removal i=
n
the DOM. If the user were tricked into opening a specially crafted page, =
an
attacker could exploit this to cause a denial of service via application
crash, or potentially execute code with the privileges of the user invoki=
ng
Thunderbird. (CVE-2011-3659)

Alex Dvorov discovered that Thunderbird did not properly handle sub-frame=
s
in form submissions. An attacker could exploit this to conduct phishing
attacks using HTML5 frames. (CVE-2012-0445)

Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse
Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey=

discovered memory safety issues affecting Thunderbird. If the user were
tricked into opening a specially crafted page, an attacker could exploit
these to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Thunderbird.
(CVE-2012-0442, CVE-2012-0443)

Andrew McCreight and Olli Pettay discovered a use-after-free vulnerabilit=
y
in the XBL bindings. An attacker could exploit this to cause a denial of
service via application crash, or potentially execute code with the
privileges of the user invoking Thunderbird. (CVE-2012-0452)

Jueri Aedla discovered that libpng, which is in Thunderbird, did not
properly verify the size used when allocating memory during chunk
decompression. If a user or automated system using libpng were tricked in=
to
opening a specially crafted image, an attacker could exploit this to caus=
e
a denial of service or execute code with the privileges of the user
invoking the program. (CVE-2011-3026)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
thunderbird 10.0.2+build1-0ubuntu0.11.10.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1369-1
CVE-2011-3659, CVE-2012-0442, CVE-2012-0443, CVE-2012-0444,
CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0449,
CVE-2012-0452, https://launchpad.net/bugs/923372, https://launchpad.net=
/bugs/929964, https://launchpad.net/bugs/933382

Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/10.0.2+build1-0ubuntu0=
=2E11.10.1




------------

 

TOP

Mailings :

Exploits :