Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Ubuntu 14.10, 14.04 LTS, 12.04 LTS Moderate: Thunderbird Flaws

ubuntu
Calendar Grey March 3, 2015
Dist Ubuntu Esm H88
Multiple vulnerabilities in Thunderbird resolved. Ensure your Ubuntu systems are updated now for enhanced security.
Several security issues were fixed in Thunderbird.

Summary

Several security issues were fixed in Thunderbird.

Software Description:

- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Armin Razmdjou discovered that contents of locally readable files could

be made available via manipulation of form autocomplete in some

circumstances. If a user were tricked in to opening a specially crafted

message with scripting enabled, an attacker could potentially exploit this

to obtain sensitive information. (CVE-2015-0822)

Abhishek Arya discovered an out-of-bounds read and write when rendering

SVG content in some circumstances. If a user were tricked in to opening

a specially crafted message with scripting enabled, an attacker could

potentially exploit this to obtain sensitive information. (CVE-2015-0827)

Paul Bandha discovered a use-after-free in IndexedDB. If a user were

tricked in to opening a specially crafted message with scripting enabled,

an attacker could potentially exploit this to cause a denial of ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  thunderbird                     1:31.5.0+build1-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:
  thunderbird                     1:31.5.0+build1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  thunderbird                     1:31.5.0+build1-0ubuntu0.12.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2506-1

CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0836

Severity
important
Lowest
Low
Medium
High
Critical

March 03, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.