[USN-1551-1] Thunderbird vulnerabilities
Posted on 30 August 2012
==========================================================================
Ubuntu Security Notice USN-1551-1
August 30, 2012
thunderbird vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Multiple security issues were fixed in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew
Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel
Holbert discovered memory safety issues affecting Thunderbird. If the user
were tricked into opening a specially crafted E-Mail, an attacker could
exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking
Thunderbird. (CVE-2012-1970, CVE-2012-1971)
Abhishek Arya discovered multiple use-after-free vulnerabilities. If the
user were tricked into opening a specially crafted E-Mail, an attacker
could exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking
Thunderbird. (CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975,
CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959,
CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)
Mariusz Mlynsk discovered that it is possible to shadow the location object
using Object.defineProperty. This could potentially result in a cross-site
scripting (XSS) attack against plugins. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially crafted
E-Mail, a remote attacker could exploit this to modify the contents or
steal confidential data within the same domain. (CVE-2012-1956)
Frédéric Hoguin discovered that bitmap format images with a negative height
could potentially result in memory corruption. If the user were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Thunderbird. (CVE-2012-3966)
It was discovered that Thunderbird's WebGL implementation was vulnerable to
multiple memory safety issues. If the user were tricked into opening a
specially crafted E-Mail, an attacker could exploit these to cause a denial
of service via application crash, or potentially execute code with the
privileges of the user invoking Thunderbird. (CVE-2012-3967, CVE-2012-3968)
Arthur Gerkis discovered multiple memory safety issues in Thunderbird's
Scalable Vector Graphics (SVG) implementation. If the user were tricked
into opening a specially crafted image, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Thunderbird. (CVE-2012-3969,
CVE-2012-3970)
Christoph Diehl discovered multiple memory safety issues in the bundled
Graphite 2 library. If the user were tricked into opening a specially
crafted E-Mail, an attacker could exploit these to cause a denial of
service via application crash, or potentially execute code with the
privileges of the user invoking Thunderbird. (CVE-2012-3971)
Nicolas Grégoire discovered an out-of-bounds read in the format-number
feature of XSLT. This could potentially cause inaccurate formatting of
numbers and information leakage. (CVE-2012-3972)
It was discovered that when the DOMParser is used to parse text/html data
in a Thunderbird extension, linked resources within this HTML data will be
loaded. If the data being parsed in the extension is untrusted, it could
lead to information leakage and potentially be combined with other attacks
to become exploitable. (CVE-2012-3975)
It was discovered that, in some instances, certain security checks in the
location object could be bypassed. This could allow for the loading of
restricted content and can potentially be combined with other issues to
become exploitable. (CVE-2012-3978)
Colby Russell discovered that eval in the web console can execute injected
code with chrome privileges, leading to the running of malicious code in a
privileged context. If the user were tricked into opening a specially
crafted E-Mail, an attacker could exploit this to cause a denial of service
via application crash, or potentially execute code with the privileges of
the user invoking Thunderbird. (CVE-2012-3980)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
thunderbird 15.0+build1-0ubuntu0.12.04.1
Ubuntu 11.10:
thunderbird 15.0+build1-0ubuntu0.11.10.1
Ubuntu 11.04:
thunderbird 15.0+build1-0ubuntu0.11.04.1
Ubuntu 10.04 LTS:
thunderbird 15.0+build1-0ubuntu0.10.04.1
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1551-1
CVE-2012-1956, CVE-2012-1970, CVE-2012-1971, CVE-2012-1972,
CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976,
CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959,
CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963,
CVE-2012-3964, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968,
CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972,
CVE-2012-3975, CVE-2012-3978, CVE-2012-3980,
https://launchpad.net/bugs/1042165
Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/15.0+build1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/thunderbird/15.0+build1-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/thunderbird/15.0+build1-0ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/thunderbird/15.0+build1-0ubuntu0.10.04.1