Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 527
Alerts This Week
Warning Icon 1 527

Ubuntu 11.04: USN-1122-2 Moderate: Thunderbird Memory Flaws Exploited

ubuntu
Calendar Grey May 5, 2011
Scroller Ubuntu
Mozilla Thunderbird displays significant security flaws on Ubuntu 11.04, potentially allowing unauthorized code execution. Immediate update is highly recommended.
Thunderbird could be made to run programs as your login if it opened specially crafted mail.

Summary

Thunderbird could be made to run programs as your login if it opened

specially crafted mail.

Software Description:

- thunderbird: mail/news client with RSS and integrated spam filter support

Details:

USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick.

This update provides the corresponding fixes for Natty.

Original advisory details:

It was discovered that there was a vulnerability in the memory handling of

certain types of content. An attacker could exploit this to possibly run

arbitrary code as the user running Thunderbird. (CVE-2011-0081)

It was discovered that Thunderbird incorrectly handled certain JavaScript

requests. If JavaScript were enabled, an attacker could exploit this to

possibly run arbitrary code as the user running Thunderbird.

(CVE-2011-0069)

Ian Beer discovered a vulnerability in the memory handling of a certain

types of documents. An attacker could exploit this to possibly run

arbitrary code as the u...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  thunderbird                     3.1.10+build1+nobinonly-0ubuntu0.11.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2011-0065, CVE-2011-0066, CVE-2011-0067, CVE-2011-0069,

CVE-2011-0070, CVE-2011-0071, CVE-2011-0072, CVE-2011-0073,

CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078,

CVE-2011-0080, CVE-2011-0081, CVE-2011-1202

Severity
important
Lowest
Low
Medium
High
Critical

May 05, 2011

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.