[USN-978-2] Thunderbird regression

Jamie Strandboge jamie at canonical.com
Fri Sep 17 02:05:58 UTC 2010


===========================================================
Ubuntu Security Notice USN-978-2         September 16, 2010
thunderbird regression
https://launchpad.net/bugs/640839
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  thunderbird                     3.0.8+build2+nobinonly-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

Details follow:

USN-978-1 fixed vulnerabilities in Thunderbird. Some users reported
stability problems under certain circumstances. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

 Several dangling pointer vulnerabilities were discovered in Thunderbird. An
 attacker could exploit this to crash Thunderbird or possibly run arbitrary
 code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767,
 CVE-2010-3167)
 
 It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper
 did not always honor the same-origin policy. If JavaScript was enabled, an
 attacker could exploit this to run untrusted JavaScript from other domains.
 (CVE-2010-2763)
 
 Matt Haggard discovered that Thunderbird did not honor same-origin policy
 when processing the statusText property of an XMLHttpRequest object. If a
 user were tricked into viewing a malicious site, a remote attacker could
 use this to gather information about servers on internal private networks.
 (CVE-2010-2764)
 
 Chris Rohlf discovered an integer overflow when Thunderbird processed the
 HTML frameset element. If a user were tricked into viewing a malicious
 site, a remote attacker could use this to crash Thunderbird or possibly run
 arbitrary code as the user invoking the program. (CVE-2010-2765)
 
 Several issues were discovered in the browser engine. If a user were
 tricked into viewing a malicious site, a remote attacker could use this to
 crash Thunderbird or possibly run arbitrary code as the user invoking the
 program. (CVE-2010-2766, CVE-2010-3168)
 
 David Huang and Collin Jackson discovered that the <object> tag could
 override the charset of a framed HTML document in another origin. An
 attacker could utilize this to perform cross-site scripting attacks.
 (CVE-2010-2768)
 
 Paul Stone discovered that with designMode enabled an HTML selection
 containing JavaScript could be copied and pasted into a document and have
 the JavaScript execute within the context of the site where the code was
 dropped. If JavaScript was enabled, an attacker could utilize this to
 perform cross-site scripting attacks. (CVE-2010-2769)
 
 A buffer overflow was discovered in Thunderbird when processing text runs.
 If a user were tricked into viewing a malicious site, a remote attacker
 could use this to crash Thunderbird or possibly run arbitrary code as the
 user invoking the program. (CVE-2010-3166)
 
 Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff
 Walden, Gary Kwong and Olli Pettay discovered several flaws in the
 browser engine. If a user were tricked into viewing a malicious site, a
 remote attacker could use this to crash Thunderbird or possibly run
 arbitrary code as the user invoking the program. (CVE-2010-3169)


Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1.diff.gz
      Size/MD5:    95079 66fa008e5f6df031b1ad5f231f431898
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1.dsc
      Size/MD5:     2412 47d4848db3c5379202c95d1c6846f3ab
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly.orig.tar.gz
      Size/MD5: 60878127 f9cefc763da1d7635d7f5f0141b1e6b0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5: 64186380 947fd7418d024742733e7e8bb975b749
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:  5245600 b9a5341d9f3748be7702c85eb7f60c6d
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:   149030 581de662dc3ae62bbd21c39bf4b6d812
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:     9302 379e8be2d12e608a908e1e23875f029b
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5: 11388686 d54d73646053756283c1f0704089825f

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5: 64524204 1bcb85f2f1a0a3ceeb2f4525e863d9bf
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5:  5312356 4f0bc7e9e239fcce2affc737dde01b45
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5:   148190 ff86f91fb4a989f3265280579c68251a
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5:     9294 4fe53877c8393d1d1ae39df58f89dfc2
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5: 10414156 78d7d44996bd7bebb283c2489801264e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5: 67171100 38e8af92c7a148870d842edb2b7bdf8e
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:  5238736 9f785fa98eedc1670fcb879b43587fc5
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:   153372 e28f31ee4b2161653aa076f14ea28c1a
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:     9290 2722d1c4757d96f2920af705fe399b48
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5: 11269554 32f735cb17a6a0e8e47adbd270601070

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5: 63710592 85de03805d8ebb6838174c7fc0d3c3e0
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:  5221108 828ef1cd6aaa6f0b429eb250ef3be855
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:   144304 1a2639ca21e782dd1e6c55139d046a84
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:     9288 1c6f91e90b24c2c905cd0ec38c9973d5
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5: 10525548 f692a83ee6da0da71d23c96cf7aa5278



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20100916/c1293064/attachment.sig>


More information about the ubuntu-security-announce mailing list