Home / mailings [USN-1510-1] Thunderbird vulnerabilities
Posted on 18 July 2012
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-1510-1
July 17, 2012
thunderbird vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith,
Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discov=
ered
memory safety issues affecting Thunderbird. If the user were tricked into
opening a specially crafted page, an attacker could possibly exploit these =
to
cause a denial of service via application crash, or potentially execute code
with the privileges of the user invoking Thunderbird. (CVE-2012-1948,
CVE-2012-1949)
Abhishek Arya discovered four memory safety issues affecting Thunderbird. If
the user were tricked into opening a specially crafted page, an attacker co=
uld
possibly exploit these to cause a denial of service via application crash, =
or
potentially execute code with the privileges of the user invoking Thunderbi=
rd.
(CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)
Mariusz Mlynski discovered that the address bar may be incorrectly updated.
Calls to history.forward and history.back could be used to navigate to a si=
te
while the address bar still displayed the previous site. A remote attacker
could exploit this to conduct phishing attacks. (CVE-2012-1955)
Mario Heiderich discovered that HTML <embed> tags were not filtered out of =
the
HTML <description> of RSS feeds. A remote attacker could exploit this to
conduct cross-site scripting (XSS) attacks via javascript execution in the =
HTML
feed view. (CVE-2012-1957)
Arthur Gerkis discovered a use-after-free vulnerability. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or potenti=
ally
execute code with the privileges of the user invoking Thunderbird.
(CVE-2012-1958)
Bobby Holley discovered that same-compartment security wrappers (SCSW) coul=
d be
bypassed to allow XBL access. If the user were tricked into opening a speci=
ally
crafted page, an attacker could possibly exploit this to execute code with =
the
privileges of the user invoking Thunderbird. (CVE-2012-1959)
Tony Payne discovered an out-of-bounds memory read in Mozilla's color
management library (QCMS). If the user were tricked into opening a specially
crafted color profile, an attacker could possibly exploit this to cause a
denial of service via application crash. (CVE-2012-1960)
Fr=E9d=E9ric Buclin discovered that the X-Frame-Options header was ignored =
when its
value was specified multiple times. An attacker could exploit this to condu=
ct
clickjacking attacks. (CVE-2012-1961)
Bill Keese discovered a memory corruption vulnerability. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or potenti=
ally
execute code with the privileges of the user invoking Thunderbird.
(CVE-2012-1962)
Karthikeyan Bhargavan discovered an information leakage vulnerability in the
Content Security Policy (CSP) 1.0 implementation. If the user were tricked =
into
opening a specially crafted page, an attacker could possibly exploit this to
access a user's OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1=
963)
It was discovered that the execution of javascript: URLs was not properly
handled in some cases. A remote attacker could exploit this to execute code
with the privileges of the user invoking Thunderbird. (CVE-2012-1967)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
thunderbird 14.0+build1-0ubuntu0.12.04.1
Ubuntu 11.10:
thunderbird 14.0+build1-0ubuntu0.11.10.1
Ubuntu 11.04:
thunderbird 14.0+build1-0ubuntu0.11.04.1
Ubuntu 10.04 LTS:
thunderbird 14.0+build1-0ubuntu0.10.04.1
When upgrading, users should be aware of the following:
- In Ubuntu 11.04, unity-2d users may lose the ability to view drop-down me=
nus,
context menus, and perform drag-and-drop operations in Thunderbird. This is=
a
known issue being tracked in https://launchpad.net/bugs/1020198 and may be
fixed in a later update.
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1510-1
CVE-2012-1948, CVE-2012-1949, CVE-2012-1951, CVE-2012-1952,
CVE-2012-1953, CVE-2012-1954, CVE-2012-1955, CVE-2012-1957,
CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961,
CVE-2012-1962, CVE-2012-1963, CVE-2012-1967, https://launchpad.net/bugs/1=
020198,
https://launchpad.net/bugs/1024564
Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/14.0+build1-0ubuntu0.12.=
04.1
https://launchpad.net/ubuntu/+source/thunderbird/14.0+build1-0ubuntu0.11.=
10.1
https://launchpad.net/ubuntu/+source/thunderbird/14.0+build1-0ubuntu0.11.=
04.1
https://launchpad.net/ubuntu/+source/thunderbird/14.0+build1-0ubuntu0.10.=
04.1
