Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Ubuntu: 17.04 USN-3278-1 Moderate: Thunderbird Security Threats

Calendar May 16, 2017 User Avatar LinuxSecurity Advisories
2 - 3 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service security issue cross-site scripting arbitrary code execution ubuntu thunderbird
Several security issues were fixed in Thunderbird. 
=========================================================================Ubuntu Security Notice USN-3278-1
May 16, 2017

thunderbird vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to read uninitialized memory, cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5429,
CVE-2017-5430, CVE-2017-5436, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445,
CVE-2017-5446, CVE-2017-5447, CVE-2017-5461, CVE-2017-5467)

Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to spoof the addressbar
contents, conduct cross-site scripting (XSS) attacks, cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5432,
CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5437, CVE-2017-5438,
CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5449,
CVE-2017-5451, CVE-2017-5454, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464,
CVE-2017-5465, CVE-2017-5466, CVE-2017-5469, CVE-2017-10195,
CVE-2017-10196, CVE-2017-10197)

A flaw was discovered in the DRBG number generation in NSS. If an
attacker were able to perform a man-in-the-middle attack, this flaw
could potentially be exploited to view sensitive information.
(CVE-2017-5462)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  thunderbird                     1:52.1.1+build1-0ubuntu0.17.04.1

Ubuntu 16.10:
  thunderbird                     1:52.1.1+build1-0ubuntu0.16.10.1

Ubuntu 16.04 LTS:
  thunderbird                     1:52.1.1+build1-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  thunderbird                     1:52.1.1+build1-0ubuntu0.14.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3278-1
  CVE-2017-10195, CVE-2017-10196, CVE-2017-10197, CVE-2017-5429,
  CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434,
  CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438,
  CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442,
  CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446,
  CVE-2017-5447, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454,
  CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462,
  CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467,
  CVE-2017-5469

Package Information:
  https://launchpad.net/ubuntu/+source/thunderbird/1:52.1.1+build1-0ubuntu0.17.04.1
  https://launchpad.net/ubuntu/+source/thunderbird/1:52.1.1+build1-0ubuntu0.16.10.1
  https://launchpad.net/ubuntu/+source/thunderbird/1:52.1.1+build1-0ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/thunderbird/1:52.1.1+build1-0ubuntu0.14.04.1

Ubuntu: 17.04 USN-3278-1 Moderate: Thunderbird Security Threats

ubuntu
Calendar Grey May 16, 2017
Dist Ubuntu Esm H88
Various vulnerabilities addressed in Thunderbird for Ubuntu 17.04 and prior editions. It's advised to apply updates to maintain security.
Several security issues were fixed in Thunderbird.

Summary

Topics%20covered

Topics Covered

security advisory denial of service security issue cross-site scripting arbitrary code execution ubuntu thunderbird

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: thunderbird 1:52.1.1+build1-0ubuntu0.17.04.1 Ubuntu 16.10: thunderbird 1:52.1.1+build1-0ubuntu0.16.10.1 Ubuntu 16.04 LTS: thunderbird 1:52.1.1+build1-0ubuntu0.16.04.1 Ubuntu 14.04 LTS: thunderbird 1:52.1.1+build1-0ubuntu0.14.04.1 After a standard system update you need to restart Thunderbird to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3278-1

CVE-2017-10195, CVE-2017-10196, CVE-2017-10197, CVE-2017-5429,

CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434,

CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438,

CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442,

CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446,

CVE-2017-5447, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454,

CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462,

CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467,

CVE-2017-5469

May 16, 2017

Topics%20covered

Topics Covered

security advisory denial of service security issue cross-site scripting arbitrary code execution ubuntu thunderbird

Package Information

https://launchpad.net/ubuntu/+source/thunderbird/1:52.1.1+build1-0ubuntu0.17.04.1 https://launchpad.net/ubuntu/+source/thunderbird/1:52.1.1+build1-0ubuntu0.16.10.1 https://launchpad.net/ubuntu/+source/thunderbird/1:52.1.1+build1-0ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/thunderbird/1:52.1.1+build1-0ubuntu0.14.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here