Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas
Werner discovered multiple memory safety issues in Thunderbird. If a user
were tricked in to opening a specially crafted message with scripting
enabled, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2014-1587)
Joe Vennix discovered a crash when using XMLHttpRequest in some
circumstances. If a user were tricked in to opening a specially crafted
message with scripting enabled, an attacker could potentially exploit this
to cause a denial of service. (CVE-2014-1590)
Berend-Jan Wever discovered a use-after-free during HTML parsing. If a
user were tricked in to opening a specially crafted message with scripting
enable...
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: thunderbird 1:31.3.0+build1-0ubuntu0.14.10.1 Ubuntu 14.04 LTS: thunderbird 1:31.3.0+build1-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: thunderbird 1:31.3.0+build1-0ubuntu0.12.04.1 After a standard system update you need to restart Thunderbird to make all the necessary changes.
https://ubuntu.com/security/notices/USN-2428-1
CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593,
CVE-2014-1594
Get the latest Linux and open source security news straight to your inbox.