Explore top 10 tips to secure your open-source projects now. Read More
×
Multiple security issues were fixed in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed
Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and
Andrew McCreight discovered several memory corruption flaws in Thunderbird.
If a user were tricked into opening a malicious website and had JavaScript
enabled, an attacker could exploit these to execute arbitrary JavaScript
code within the context of another website or arbitrary code as the user
invoking the program. (CVE-2012-5842, CVE-2012-5843)
Atte Kettunen discovered a buffer overflow while rendering GIF format
images. An attacker could exploit this to possibly execute arbitrary code
as the user invoking Thunderbird. (CVE-2012-4202)
It was discovered that the evalInSandbox function's JavaScript sandbox
context could be circumvented. An attacker could exploit this to perfo...
The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: thunderbird 17.0+build2-0ubuntu0.12.10.1 Ubuntu 12.04 LTS: thunderbird 17.0+build2-0ubuntu0.12.04.1 Ubuntu 11.10: thunderbird 17.0+build2-0ubuntu0.11.10.1 Ubuntu 10.04 LTS: thunderbird 17.0+build2-0ubuntu0.10.04.1 After a standard system update you need to restart Thunderbird to make all the necessary changes.
https://ubuntu.com/security/notices/USN-1636-1
CVE-2012-4201, CVE-2012-4202, CVE-2012-4204, CVE-2012-4205,
CVE-2012-4207, CVE-2012-4208, CVE-2012-4209, CVE-2012-4212,
CVE-2012-4213, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216,
CVE-2012-4217, CVE-2012-4218, CVE-2012-5829, CVE-2012-5830,
CVE-2012-5833, CVE-2012-5835, CVE-2012-5836, CVE-2012-5838,
CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842,
CVE-2012-5843, https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1080212
Get the latest Linux and open source security news straight to your inbox.