[USN-1430-3] Thunderbird vulnerabilities
Posted on 04 May 2012
==========================================================================
Ubuntu Security Notice USN-1430-3
May 04, 2012
thunderbird vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
USN-1430-1 fixed vulnerabilities in Firefox. This update provides the
corresponding fixes for Thunderbird.
Original advisory details:
Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,
Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0467,
CVE-2012-0468)

Aki Helin discovered a use-after-free vulnerability in XPConnect. An
attacker could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2012-0469)

Atte Kettunen discovered that invalid frees cause heap corruption in
gfxImageSurface. If a user were tricked into opening a malicious Scalable
Vector Graphics (SVG) image file, an attacker could exploit these to cause
a denial of service via application crash, or potentially execute code with
the privileges of the user invoking Firefox. (CVE-2012-0470)

Anne van Kesteren discovered a potential cross-site scripting (XSS)
vulnerability via multibyte content processing errors. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0471)

Matias Juntunen discovered a vulnerability in Firefox's WebGL
implementation that potentially allows the reading of illegal video memory.
An attacker could possibly exploit this to cause a denial of service via
application crash. (CVE-2012-0473)

Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox
allowed the address bar to display a different website than the one the
user was visiting. This could potentially leave the user vulnerable to
cross-site scripting (XSS) attacks. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially crafted
page, a remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2012-0474)

Simone Fabiano discovered that Firefox did not always send correct origin
headers when connecting to an IPv6 website. An attacker could potentially
use this to bypass intended access controls. (CVE-2012-0475)

Masato Kinugawa discovered that cross-site scripting (XSS) injection is
possible during the decoding of ISO-2022-KR and ISO-2022-CN character sets.
With cross-site scripting vulnerabilities, if a user were tricked into
viewing a specially crafted page, a remote attacker could exploit this to
modify the contents, or steal confidential data, within the same domain.
(CVE-2012-0477)

It was discovered that certain images rendered using WebGL could cause
Firefox to crash. If the user were tricked into opening a specially crafted
page, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0478)

Mateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer.
If the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2011-3062)

Daniel Divricean discovered that a defect in the error handling of
JavaScript errors can potentially leak the file names and location of
JavaScript files on a server. This could potentially lead to inadvertent
information disclosure and a vector for further attacks. (CVE-2011-1187)

Jeroen van der Gun discovered a vulnerability in the way Firefox handled
RSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused
the location bar to be updated with the address of this content, while the
main window still displays the previously loaded content. An attacker could
potentially exploit this vulnerability to conduct phishing attacks.
(CVE-2012-0479)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
thunderbird 12.0.1+build1-0ubuntu0.12.04.1
Ubuntu 11.10:
thunderbird 12.0.1+build1-0ubuntu0.11.10.1
Ubuntu 11.04:
thunderbird 12.0.1+build1-0ubuntu0.11.04.1
Ubuntu 10.04 LTS:
thunderbird 12.0.1+build1-0ubuntu0.10.04.1
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1430-3
http://www.ubuntu.com/usn/usn-1430-1
CVE-2011-1187, CVE-2011-3062, CVE-2012-0467, CVE-2012-0468,
CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0473,
CVE-2012-0474, CVE-2012-0475, CVE-2012-0477, CVE-2012-0478,
CVE-2012-0479, https://launchpad.net/bugs/987305
Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/12.0.1+build1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/thunderbird/12.0.1+build1-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/thunderbird/12.0.1+build1-0ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/thunderbird/12.0.1+build1-0ubuntu0.10.04.1