Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Ubuntu 10.10 Security Advisory: USN-1122-1 Critical: Thunderbird Threat

ubuntu
Calendar Grey May 5, 2011
Scroller Ubuntu
Security flaws in Thunderbird for Ubuntu 10.10 and 10.04 allow for arbitrary code execution when users open specially designed emails.
Thunderbird could be made to run programs as your login if it opened specially crafted mail.

Summary

Thunderbird could be made to run programs as your login if it opened

specially crafted mail.

Software Description:

- thunderbird: mail/news client with RSS and integrated spam filter support

Details:

It was discovered that there was a vulnerability in the memory handling of

certain types of content. An attacker could exploit this to possibly run

arbitrary code as the user running Thunderbird. (CVE-2011-0081)

It was discovered that Thunderbird incorrectly handled certain JavaScript

requests. If JavaScript were enabled, an attacker could exploit this to

possibly run arbitrary code as the user running Thunderbird.

(CVE-2011-0069)

Ian Beer discovered a vulnerability in the memory handling of a certain

types of documents. An attacker could exploit this to possibly run

arbitrary code as the user running Thunderbird. (CVE-2011-0070)

Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman

discovered several memory vulnerabilities. An attacker ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
  thunderbird                     3.1.10+build1+nobinonly-0ubuntu0.10.10.1

Ubuntu 10.04 LTS:
  thunderbird                     3.1.10+build1+nobinonly-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2011-0065, CVE-2011-0066, CVE-2011-0067, CVE-2011-0069,

CVE-2011-0070, CVE-2011-0071, CVE-2011-0072, CVE-2011-0073,

CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078,

CVE-2011-0080, CVE-2011-0081, CVE-2011-1202

Severity
critical
Lowest
Low
Medium
High
Critical

May 05, 2011

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.