[USN-1122-2] Thunderbird vulnerabilities
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig3003645AF7A0EA9437306F36
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-1122-2
May 05, 2011
thunderbird vulnerabilities
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
Summary:
Thunderbird could be made to run programs as your login if it opened
specially crafted mail.
Software Description:
- thunderbird: mail/news client with RSS and integrated spam filter suppo=
rt
Details:
USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick.
This update provides the corresponding fixes for Natty.
Original advisory details:
It was discovered that there was a vulnerability in the memory handling =
of
certain types of content. An attacker could exploit this to possibly run=
arbitrary code as the user running Thunderbird. (CVE-2011-0081)
=20
It was discovered that Thunderbird incorrectly handled certain JavaScrip=
t
requests. If JavaScript were enabled, an attacker could exploit this to
possibly run arbitrary code as the user running Thunderbird.
(CVE-2011-0069)
=20
Ian Beer discovered a vulnerability in the memory handling of a certain
types of documents. An attacker could exploit this to possibly run
arbitrary code as the user running Thunderbird. (CVE-2011-0070)
=20
Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderma=
n
discovered several memory vulnerabilities. An attacker could exploit the=
se
to possibly run arbitrary code as the user running Thunderbird.
(CVE-2011-0080)
=20
Aki Helin discovered multiple vulnerabilities in the HTML rendering code=
=2E
An attacker could exploit these to possibly run arbitrary code as the us=
er
running Thunderbird. (CVE-2011-0074, CVE-2011-0075)
=20
Ian Beer discovered multiple overflow vulnerabilities. An attacker could=
exploit these to possibly run arbitrary code as the user running
Thunderbird. (CVE-2011-0077, CVE-2011-0078)
=20
Martin Barbella discovered a memory vulnerability in the handling of
certain DOM elements. An attacker could exploit this to possibly run
arbitrary code as the user running Thunderbird. (CVE-2011-0072)
=20
It was discovered that there were use-after-free vulnerabilities in
Thunderbird's mChannel and mObserverList objects. An attacker could expl=
oit
these to possibly run arbitrary code as the user running Thunderbird.
(CVE-2011-0065, CVE-2011-0066)
=20
It was discovered that there was a vulnerability in the handling of the
nsTreeSelection element. An attacker sending a specially crafted E-Mail
could exploit this to possibly run arbitrary code as the user running
Thunderbird. (CVE-2011-0073)
=20
Paul Stone discovered a vulnerability in the handling of Java applets. I=
f
plugins were enabled, an attacker could use this to mimic interaction wi=
th
form autocomplete controls and steal entries from the form history.
(CVE-2011-0067)
=20
Soroush Dalili discovered a vulnerability in the resource: protocol. Thi=
s
could potentially allow an attacker to load arbitrary files that were
accessible to the user running Thunderbird. (CVE-2011-0071)
=20
Chris Evans discovered a vulnerability in Thunderbird's XSLT generate-id=
()
function. An attacker could possibly use this vulnerability to make othe=
r
attacks more reliable. (CVE-2011-1202)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
thunderbird 3.1.10+build1+nobinonly-0ubuntu0.11.04.=
1
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
References:
CVE-2011-0065, CVE-2011-0066, CVE-2011-0067, CVE-2011-0069,
CVE-2011-0070, CVE-2011-0071, CVE-2011-0072, CVE-2011-0073,
CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078,
CVE-2011-0080, CVE-2011-0081, CVE-2011-1202
Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/3.1.10+build1+nobinonl=
y-0ubuntu0.11.04.1
--------------enig3003645AF7A0EA9437306F36
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk3CZ78ACgkQTniv4aqX/VkZkQCePuwnymQCmr3qll05S6Ky3EvO
8OcAn0LygsmybsZIpXYre+yzdrKbYbXP
=qQc3
-----END PGP SIGNATURE-----
--------------enig3003645AF7A0EA9437306F36--