Home / mailings [USN-1400-4] Thunderbird regressions
Posted on 03 April 2012
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-1400-4
April 03, 2012
thunderbird regressions
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
Summary:
USN-1400-3 introduced regressions in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
USN-1400-3 fixed vulnerabilities in Thunderbird. The new Thunderbird
version caused a regression in IMAP connections and mail filtering. This
update fixes the problem.
Original advisory details:
Soroush Dalili discovered that Firefox did not adequately protect agains=
t
dropping JavaScript links onto a frame. A remote attacker could, through=
cross-site scripting (XSS), exploit this to modify the contents or steal=
confidential data. (CVE-2012-0455)
=20
Atte Kettunen discovered a use-after-free vulnerability in Firefox's
handling of SVG animations. An attacker could potentially exploit this t=
o
execute arbitrary code with the privileges of the user invoking Firefox.=
(CVE-2012-0457)
=20
Atte Kettunen discovered an out of bounds read vulnerability in Firefox'=
s
handling of SVG Filters. An attacker could potentially exploit this to m=
ake
data from the user's memory accessible to the page content. (CVE-2012-04=
56)
=20
Mike Brooks discovered that using carriage return line feed (CRLF)
injection, one could introduce a new Content Security Policy (CSP) rule
which allows for cross-site scripting (XSS) on sites with a separate hea=
der
injection vulnerability. With cross-site scripting vulnerabilities, if a=
user were tricked into viewing a specially crafted page, a remote attack=
er
could exploit this to modify the contents, or steal confidential data,
within the same domain. (CVE-2012-0451)
=20
Mariusz Mlynski discovered that the Home button accepted JavaScript link=
s
to set the browser Home page. An attacker could use this vulnerability t=
o
get the script URL loaded in the privileged about:sessionrestore context=
=2E
(CVE-2012-0458)
=20
Daniel Glazman discovered that the Cascading Style Sheets (CSS)
implementation is vulnerable to crashing due to modification of a keyfra=
me
followed by access to the cssText of the keyframe. If the user were tric=
ked
into opening a specially crafted web page, an attacker could exploit thi=
s
to cause a denial of service via application crash, or potentially execu=
te
code with the privileges of the user invoking Firefox. (CVE-2012-0459)
=20
Matt Brubeck discovered that Firefox did not properly restrict access to=
the window.fullScreen object. If the user were tricked into opening a
specially crafted web page, an attacker could potentially use this
vulnerability to spoof the user interface. (CVE-2012-0460)
=20
Bob Clary, Christian Holler, Jesse Ruderman, Michael Bebenita, David
Anderson, Jeff Walden, Vincenzo Iozzo, and Willem Pinckaers discovered
memory safety issues affecting Firefox. If the user were tricked into
opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0461,
CVE-2012-0462, CVE-2012-0464)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
thunderbird 11.0.1+build1-0ubuntu0.11.10.1
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1400-4
http://www.ubuntu.com/usn/usn-1400-1
http://www.ubuntu.com/usn/usn-1400-3/, https://launchpad.net/bugs/96263=
1
Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/11.0.1+build1-0ubuntu0=
=2E11.10.1
------------
