[USN-350-1] Thunderbird vulnerabilities

Martin Pitt martin.pitt at canonical.com
Thu Sep 21 15:00:04 UTC 2006


=========================================================== 
Ubuntu Security Notice USN-350-1         September 21, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804,
CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809,
CVE-2006-3810, CVE-2006-3811, CVE-2006-3812, CVE-2006-4253,
CVE-2006-4340, CVE-2006-4565, CVE-2006-4566, CVE-2006-4567,
CVE-2006-4570, CVE-2006-4571
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  mozilla-thunderbird                      1.5.0.7-0ubuntu0.5.10
  mozilla-thunderbird-locale-ca            1.5-ubuntu5.10
  mozilla-thunderbird-locale-de            1.5-ubuntu5.10
  mozilla-thunderbird-locale-fr            1.5-ubuntu5.10
  mozilla-thunderbird-locale-it            1.5-ubuntu5.10
  mozilla-thunderbird-locale-nl            1.5-ubuntu5.10
  mozilla-thunderbird-locale-pl            1.5-ubuntu5.10
  mozilla-thunderbird-locale-uk            1.5-ubuntu5.10
  mozilla-thunderbird-enigmail             2:0.94-0ubuntu0.5.10
  mozilla-thunderbird-inspector            1.5.0.7-0ubuntu0.5.10
  mozilla-thunderbird-typeaheadfind        1.5.0.7-0ubuntu0.5.10

After a standard system upgrade you need to restart Thunderbird to
effect the necessary changes.

Please note that Thunderbird 1.0.8 in Ubuntu 5.04 is also affected by
these problems. An update will be provided shortly.

Details follow:

This update upgrades Thunderbird from 1.0.8 to 1.5.0.7. This step was
necessary since the 1.0.x series is not supported by upstream any
more.

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious email containing JavaScript. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable
it. (CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805,
CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3810,
CVE-2006-3811, CVE-2006-3812, CVE-2006-4253, CVE-2006-4565,
CVE-2006-4566, CVE-2006-4571)

A buffer overflow has been discovered in the handling of .vcard files.
By tricking a user into importing a malicious vcard into his contacts,
this could be exploited to execute arbitrary code with the user's
privileges.  (CVE-2006-3804)

The NSS library did not sufficiently check the padding of PKCS #1 v1.5
signatures if the exponent of the public key is 3 (which is widely
used for CAs). This could be exploited to forge valid signatures
without the need of the secret key. (CVE-2006-4340)

Jon Oberheide reported a way how a remote attacker could trick users
into downloading arbitrary extensions with circumventing the normal
SSL certificate check. The attacker would have to be in a position to
spoof the victim's DNS, causing them to connect to sites of the
attacker's choosing rather than the sites intended by the victim. If
they gained that control and the victim accepted the attacker's cert
for the Mozilla update site, then the next update check could be
hijacked and redirected to the attacker's site without detection.
(CVE-2006-4567)

Georgi Guninski discovered that even with JavaScript disabled, a
malicous email could still execute JavaScript when the message is
viewed, replied to, or forwarded by putting the script in a remote XBL
file loaded by the message. (CVE-2006-4570)

The "enigmail" plugin and the translation packages have been updated
to work with the new Thunderbird version.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.7-0ubuntu0.5.10.diff.gz
      Size/MD5:   451765 f226c2d1fb27ff7d1901563c0e7ae6aa
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.7-0ubuntu0.5.10.dsc
      Size/MD5:      960 33f4c6cf8f964b3bbf0cb7bf2a9b3a41
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.7.orig.tar.gz
      Size/MD5: 35412353 4e43a174c53adf09382a4f959b86abe6
    http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.94-0ubuntu0.5.10.diff.gz
      Size/MD5:    20864 3aee73c8c9d639372dc3f28a5f145324
    http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.94-0ubuntu0.5.10.dsc
      Size/MD5:      785 25206240fb199da5bbb5ab080600b0d5
    http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.94.orig.tar.gz
      Size/MD5:  3126659 7e34cbe51f5a1faca2e26fa0edfd6a06
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-ca/mozilla-thunderbird-locale-ca_1.5-ubuntu5.10.dsc
      Size/MD5:      598 1d99f1f9e4dee5e65e3783a5f97dd263
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-ca/mozilla-thunderbird-locale-ca_1.5-ubuntu5.10.tar.gz
      Size/MD5:   194758 ef06a28aee74c384480bc0ab4b4b884c
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-de/mozilla-thunderbird-locale-de_1.5-ubuntu5.10.dsc
      Size/MD5:      596 4fa9a37540021ec258720b4870bb96d7
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-de/mozilla-thunderbird-locale-de_1.5-ubuntu5.10.tar.gz
      Size/MD5:   169713 7c1002115108c1ed63d270a8d679b039
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-fr/mozilla-thunderbird-locale-fr_1.5-ubuntu5.10.dsc
      Size/MD5:      599 ef565a49f01984cf671542e909fc9585
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-fr/mozilla-thunderbird-locale-fr_1.5-ubuntu5.10.tar.gz
      Size/MD5:   204062 8a1ef43eccb78e45895bd1bff458d0fe
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-it/mozilla-thunderbird-locale-it_1.5-ubuntu5.10.dsc
      Size/MD5:      601 90e8f323e3bc9a5f46c4a97a509cfc93
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-it/mozilla-thunderbird-locale-it_1.5-ubuntu5.10.tar.gz
      Size/MD5:   158517 cddf397975e97c0dbd7152f387655303
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-nl/mozilla-thunderbird-locale-nl_1.5-ubuntu5.10.dsc
      Size/MD5:      596 b4d740d0e33dde12c978b8f7385f690d
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-nl/mozilla-thunderbird-locale-nl_1.5-ubuntu5.10.tar.gz
      Size/MD5:   195416 fc5bc7dc7388131564bdbbd16ab10b93
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-pl/mozilla-thunderbird-locale-pl_1.5-ubuntu5.10.dsc
      Size/MD5:      632 de741d572f4ab22f99793aa3cfbe20e3
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-pl/mozilla-thunderbird-locale-pl_1.5-ubuntu5.10.tar.gz
      Size/MD5:   192583 5cf008def5286ed0054a0a5015607cf7
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-uk/mozilla-thunderbird-locale-uk_1.5-ubuntu5.10.dsc
      Size/MD5:      589 330958f8cb291d10cdc0196768233ad0
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-uk/mozilla-thunderbird-locale-uk_1.5-ubuntu5.10.tar.gz
      Size/MD5:    11499 dd66aaa9efadb412e3122657a2da25fa

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-ca/mozilla-thunderbird-locale-ca_1.5-ubuntu5.10_all.deb
      Size/MD5:   189666 473e996d047d43f6dd7bec92d53cfa03
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-de/mozilla-thunderbird-locale-de_1.5-ubuntu5.10_all.deb
      Size/MD5:   167484 20623a5c44dc5b2196da99eed084b8b8
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-fr/mozilla-thunderbird-locale-fr_1.5-ubuntu5.10_all.deb
      Size/MD5:   197384 6a49d6b1d63c6fbf5a5ba552916d933a
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-it/mozilla-thunderbird-locale-it_1.5-ubuntu5.10_all.deb
      Size/MD5:   153016 c1e4f810878dfb4ea7a98422e566bab7
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-nl/mozilla-thunderbird-locale-nl_1.5-ubuntu5.10_all.deb
      Size/MD5:   195206 a2b2c8189f2bdbd52ba207e467404e18
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-pl/mozilla-thunderbird-locale-pl_1.5-ubuntu5.10_all.deb
      Size/MD5:   186030 4d1c2103ee676e569c0feb553161107c
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird-locale-uk/mozilla-thunderbird-locale-uk_1.5-ubuntu5.10_all.deb
      Size/MD5:    11860 088e396b7bc681bbf773232e1fc62b7d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.7-0ubuntu0.5.10_amd64.deb
      Size/MD5:  3523522 a76de9534e4f7062f6ca1089ba190b95
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.7-0ubuntu0.5.10_amd64.deb
      Size/MD5:   190306 74bda8f95e40506db2eb9522ff5a0aad
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.7-0ubuntu0.5.10_amd64.deb
      Size/MD5:    55528 5bba85b882ef03b8d6abf6a30ee87581
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.7-0ubuntu0.5.10_amd64.deb
      Size/MD5: 11976232 2d6fd4f9dfc0f141d9deb7321d8c3d4f
    http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.94-0ubuntu0.5.10_amd64.deb
      Size/MD5:   334962 a958117e8d86e698a1e0486169086c96

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.7-0ubuntu0.5.10_i386.deb
      Size/MD5:  3516366 c0f3feae48b1c6aa62f3423279be2725
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.7-0ubuntu0.5.10_i386.deb
      Size/MD5:   183652 664776fcb3fcc35bb58e7edbc3a5492b
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.7-0ubuntu0.5.10_i386.deb
      Size/MD5:    51154 d35f0c9b0ad24a3ecb16c3ce29cd5427
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.7-0ubuntu0.5.10_i386.deb
      Size/MD5: 10282110 16ef30b246a84f1872129c6ecd9d0a75
    http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.94-0ubuntu0.5.10_i386.deb
      Size/MD5:   322874 fdfb2bb51b8b360734169d9a6362bfb7

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.7-0ubuntu0.5.10_powerpc.deb
      Size/MD5:  3520948 5d6db52b3aa4ea827dae5d2d1d42ade1
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.7-0ubuntu0.5.10_powerpc.deb
      Size/MD5:   187002 2998ab2a9287273f9b80ad7ce9ba5829
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.7-0ubuntu0.5.10_powerpc.deb
      Size/MD5:    54712 73da47232d65de50c846c0d287ccd4ca
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.7-0ubuntu0.5.10_powerpc.deb
      Size/MD5: 11523006 c8d86889f60569a3d578241e63f89f11
    http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.94-0ubuntu0.5.10_powerpc.deb
      Size/MD5:   326204 f25574cc20db03e78e0879b941a36600
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20060921/1f31363c/attachment.sig>


More information about the ubuntu-security-announce mailing list