Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Ubuntu 12.10: USN-1636-1 Critical: Thunderbirds Memory Flaws and Attacks

ubuntu
Calendar Grey November 21, 2012
Scroller Ubuntu
Several vulnerabilities have been addressed in Thunderbird. Please update immediately to ensure system security and guard against potential threats.
Multiple security issues were fixed in Thunderbird.

Summary

Multiple security issues were fixed in Thunderbird.

Software Description:

- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed

Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and

Andrew McCreight discovered several memory corruption flaws in Thunderbird.

If a user were tricked into opening a malicious website and had JavaScript

enabled, an attacker could exploit these to execute arbitrary JavaScript

code within the context of another website or arbitrary code as the user

invoking the program. (CVE-2012-5842, CVE-2012-5843)

Atte Kettunen discovered a buffer overflow while rendering GIF format

images. An attacker could exploit this to possibly execute arbitrary code

as the user invoking Thunderbird. (CVE-2012-4202)

It was discovered that the evalInSandbox function's JavaScript sandbox

context could be circumvented. An attacker could exploit this to perfo...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
  thunderbird                     17.0+build2-0ubuntu0.12.10.1

Ubuntu 12.04 LTS:
  thunderbird                     17.0+build2-0ubuntu0.12.04.1

Ubuntu 11.10:
  thunderbird                     17.0+build2-0ubuntu0.11.10.1

Ubuntu 10.04 LTS:
  thunderbird                     17.0+build2-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-1636-1

CVE-2012-4201, CVE-2012-4202, CVE-2012-4204, CVE-2012-4205,

CVE-2012-4207, CVE-2012-4208, CVE-2012-4209, CVE-2012-4212,

CVE-2012-4213, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216,

CVE-2012-4217, CVE-2012-4218, CVE-2012-5829, CVE-2012-5830,

CVE-2012-5833, CVE-2012-5835, CVE-2012-5836, CVE-2012-5838,

CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842,

CVE-2012-5843, https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1080212

Severity
critical
Lowest
Low
Medium
High
Critical

November 21, 2012

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.