[USN-978-1] Thunderbird vulnerabilities
Jamie Strandboge
jamie at canonical.com
Wed Sep 8 23:47:37 UTC 2010
===========================================================
Ubuntu Security Notice USN-978-1 September 08, 2010
thunderbird vulnerabilities
CVE-2010-2760, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765,
CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769,
CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
thunderbird 3.0.7+build1+nobinonly-0ubuntu0.10.04.1
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
Details follow:
Several dangling pointer vulnerabilities were discovered in Thunderbird. An
attacker could exploit this to crash Thunderbird or possibly run arbitrary
code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767,
CVE-2010-3167)
It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper
did not always honor the same-origin policy. If JavaScript was enabled, an
attacker could exploit this to run untrusted JavaScript from other domains.
(CVE-2010-2763)
Matt Haggard discovered that Thunderbird did not honor same-origin policy
when processing the statusText property of an XMLHttpRequest object. If a
user were tricked into viewing a malicious site, a remote attacker could
use this to gather information about servers on internal private networks.
(CVE-2010-2764)
Chris Rohlf discovered an integer overflow when Thunderbird processed the
HTML frameset element. If a user were tricked into viewing a malicious
site, a remote attacker could use this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-2765)
Several issues were discovered in the browser engine. If a user were
tricked into viewing a malicious site, a remote attacker could use this to
crash Thunderbird or possibly run arbitrary code as the user invoking the
program. (CVE-2010-2766, CVE-2010-3168)
David Huang and Collin Jackson discovered that the <object> tag could
override the charset of a framed HTML document in another origin. An
attacker could utilize this to perform cross-site scripting attacks.
(CVE-2010-2768)
Paul Stone discovered that with designMode enabled an HTML selection
containing JavaScript could be copied and pasted into a document and have
the JavaScript execute within the context of the site where the code was
dropped. If JavaScript was enabled, an attacker could utilize this to
perform cross-site scripting attacks. (CVE-2010-2769)
A buffer overflow was discovered in Thunderbird when processing text runs.
If a user were tricked into viewing a malicious site, a remote attacker
could use this to crash Thunderbird or possibly run arbitrary code as the
user invoking the program. (CVE-2010-3166)
Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff
Walden, Gary Kwong and Olli Pettay discovered several flaws in the
browser engine. If a user were tricked into viewing a malicious site, a
remote attacker could use this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-3169)
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1.diff.gz
Size/MD5: 95206 4bcbfa877f444cf2450eab3515506da1
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1.dsc
Size/MD5: 2412 0b12f85cb9a236a83093f405c5d6a969
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly.orig.tar.gz
Size/MD5: 60861438 787f3ada01e85ce751a93dcdd44e5b18
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 64189408 f9d30b6540c1f08db812d3c18b5b2bda
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 5244574 b269d564ef691c32a2f716c1c7e9aaf3
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 149000 dbf4f8177949f0abb27ee28f9aaab9ee
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 9292 c6ce63a3f9c5c6ac3bc38177e8068c8b
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 11388676 4a3902f27af3fabbf470d74217cfdec4
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 64524720 ffa0415a1fd30ea1676ac8baa2696053
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 5835466 7bf21437b4bd3b4ba12e54765f4a080f
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 148158 08a86b8c727c41a9ba6b238d2dcf38a8
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 9298 5c212edc616b976c85fc5e2388208047
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 10452902 c0ca4fcc4079ae3c71c96f46daf40b2a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 67162668 bdc28d4ea3920862d7ab443da5da6a00
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 5240958 5e2813bf1d9139d5a2f4319f8d7775e3
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 153348 cc627997e576e4a2aa92b1a6e6572658
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 9298 948556156feafd5217db3f17cf214cec
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 11269402 37707d8067040585eb2ba7bb0ac239d4
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 63711766 5546c9d27c8b2f0d7052e2f8ff5f542f
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 5220548 853e41fbba4e18dec5a318c59240d1a6
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 144284 4f946395f339d5d5909e22f1526eb3ba
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 9296 47b20d6748ff4c78d1875c7ab8699f7f
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 10525676 1a0a82cb2fecabdeec28ee544cf34e42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20100908/6376fb4d/attachment.sig>
More information about the ubuntu-security-announce
mailing list