[USN-1636-1] Thunderbird vulnerabilities

Posted on 21 November 2012
Ubuntu Security

==========================================================================
Ubuntu Security Notice USN-1636-1
November 21, 2012

thunderbird vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

Multiple security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed
Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and
Andrew McCreight discovered several memory corruption flaws in Thunderbird.
If a user were tricked into opening a malicious website and had JavaScript
enabled, an attacker could exploit these to execute arbitrary JavaScript
code within the context of another website or arbitrary code as the user
invoking the program. (CVE-2012-5842, CVE-2012-5843)

Atte Kettunen discovered a buffer overflow while rendering GIF format
images. An attacker could exploit this to possibly execute arbitrary code
as the user invoking Thunderbird. (CVE-2012-4202)

It was discovered that the evalInSandbox function's JavaScript sandbox
context could be circumvented. An attacker could exploit this to perform a
cross-site scripting (XSS) attack or steal a copy of a local file if the
user has installed an add-on vulnerable to this attack. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page and had JavaScript enabled, a remote attacker could exploit
this to modify the contents, or steal confidential data, within the same
domain. (CVE-2012-4201)

Jonathan Stephens discovered that combining vectors involving the setting
of Cascading Style Sheets (CSS) properties in conjunction with SVG text
could cause Thunderbird to crash. If a user were tricked into opening a
malicious E-Mail, an attacker could cause a denial of service via
application crash or execute arbitrary code with the privileges of the user
invoking the program. (CVE-2012-5836)

Scott Bell discovered a memory corruption issue in the JavaScript engine.
If a user were tricked into opening a malicious website and had JavaScript
enabled, an attacker could exploit this to execute arbitrary JavaScript
code within the context of another website or arbitrary code as the user
invoking the program. (CVE-2012-4204)

Gabor Krizsanits discovered that XMLHttpRequest objects created within
sandboxes have the system principal instead of the sandbox principal. This
can lead to cross-site request forgery (CSRF) or information theft via an
add-on running untrusted code in a sandbox. (CVE-2012-4205)

Peter Van der Beken discovered that the XrayWrapper implementation in
Firefox does not consider the compartment during property filtering. If
JavaScript were enabled, an attacker could use this to bypass intended
chrome-only restrictions on reading DOM object properties via a crafted
web site. (CVE-2012-4208)

Bobby Holley discovered that cross-origin wrappers were allowing write
actions on objects when only read actions should have been properly
allowed. This can lead to cross-site scripting (XSS) attacks. With
cross-site scripting vulnerabilities, if a user were tricked into viewing a
specially crafted page and had JavaScript enabled, a remote attacker could
exploit this to modify the contents, or steal confidential data, within
the same domain. (CVE-2012-5841)

Masato Kinugawa discovered that when HZ-GB-2312 charset encoding is used
for text, the "~" character will destroy another character near the chunk
delimiter. This can lead to a cross-site scripting (XSS) attack in pages
encoded in HZ-GB-2312. With cross-site scripting vulnerabilities, if a user
were tricked into viewing a specially crafted page and had JavaScript
enabled, a remote attacker could exploit these to modify the contents, or
steal confidential data, within the same domain. (CVE-2012-4207)

Mariusz Mlynski discovered that the location property can be accessed by
binary plugins through top.location with a frame whose name attribute's
value is set to "top". This can allow for possible cross-site scripting
(XSS) attacks through plugins. With cross-site scripting vulnerabilities,
if a user were tricked into viewing a specially crafted page and had
JavaScript enabled, a remote attacker could exploit this to modify the
contents, or steal confidential data, within the same domain.
(CVE-2012-4209)

Abhishek Arya discovered multiple use-after-free and buffer overflow issues
in Thunderbird. If a user were tricked into opening a malicious website and
had JavaScript enabled, an attacker could exploit these to execute
arbitrary JavaScript code within the context of another website or
arbitrary code as the user invoking the program. (CVE-2012-4214,
CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840,
CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218)

Several memory corruption flaws were discovered in Thunderbird. If a user
were tricked into opening a malicious website and had JavaScript enabled,
an attacker could exploit these to execute arbitrary JavaScript code within
the context of another website or arbitrary code as the user invoking the
program. (CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5838)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
thunderbird 17.0+build2-0ubuntu0.12.10.1

Ubuntu 12.04 LTS:
thunderbird 17.0+build2-0ubuntu0.12.04.1

Ubuntu 11.10:
thunderbird 17.0+build2-0ubuntu0.11.10.1

Ubuntu 10.04 LTS:
thunderbird 17.0+build2-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1636-1
CVE-2012-4201, CVE-2012-4202, CVE-2012-4204, CVE-2012-4205,
CVE-2012-4207, CVE-2012-4208, CVE-2012-4209, CVE-2012-4212,
CVE-2012-4213, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216,
CVE-2012-4217, CVE-2012-4218, CVE-2012-5829, CVE-2012-5830,
CVE-2012-5833, CVE-2012-5835, CVE-2012-5836, CVE-2012-5838,
CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842,
CVE-2012-5843, https://launchpad.net/bugs/1080212

Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/17.0+build2-0ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/thunderbird/17.0+build2-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/thunderbird/17.0+build2-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/thunderbird/17.0+build2-0ubuntu0.10.04.1
