Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Ubuntu 10.04 LTS: USN-978-1 Critical: Thunderbird Pointer Flaws

Calendar Sep 08, 2010 User Avatar LinuxSecurity Advisories
2 - 4 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical code execution exploit Ubuntu pointer issue
Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167) [More...] 
==========================================================Ubuntu Security Notice USN-978-1         September 08, 2010
thunderbird vulnerabilities
CVE-2010-2760, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765,
CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769,
CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  thunderbird                     3.0.7+build1+nobinonly-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

Details follow:

Several dangling pointer vulnerabilities were discovered in Thunderbird. An
attacker could exploit this to crash Thunderbird or possibly run arbitrary
code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767,
CVE-2010-3167)

It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper
did not always honor the same-origin policy. If JavaScript was enabled, an
attacker could exploit this to run untrusted JavaScript from other domains.
(CVE-2010-2763)

Matt Haggard discovered that Thunderbird did not honor same-origin policy
when processing the statusText property of an XMLHttpRequest object. If a
user were tricked into viewing a malicious site, a remote attacker could
use this to gather information about servers on internal private networks.
(CVE-2010-2764)

Chris Rohlf discovered an integer overflow when Thunderbird processed the
HTML frameset element. If a user were tricked into viewing a malicious
site, a remote attacker could use this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-2765)

Several issues were discovered in the browser engine. If a user were
tricked into viewing a malicious site, a remote attacker could use this to
crash Thunderbird or possibly run arbitrary code as the user invoking the
program. (CVE-2010-2766, CVE-2010-3168)

David Huang and Collin Jackson discovered that the  tag could
override the charset of a framed HTML document in another origin. An
attacker could utilize this to perform cross-site scripting attacks.
(CVE-2010-2768)

Paul Stone discovered that with designMode enabled an HTML selection
containing JavaScript could be copied and pasted into a document and have
the JavaScript execute within the context of the site where the code was
dropped. If JavaScript was enabled, an attacker could utilize this to
perform cross-site scripting attacks. (CVE-2010-2769)

A buffer overflow was discovered in Thunderbird when processing text runs.
If a user were tricked into viewing a malicious site, a remote attacker
could use this to crash Thunderbird or possibly run arbitrary code as the
user invoking the program. (CVE-2010-3166)

Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff
Walden, Gary Kwong and Olli Pettay discovered several flaws in the
browser engine. If a user were tricked into viewing a malicious site, a
remote attacker could use this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-3169)


Updated packages for Ubuntu 10.04:

  Source archives:

          Size/MD5:    95206 4bcbfa877f444cf2450eab3515506da1
          Size/MD5:     2412 0b12f85cb9a236a83093f405c5d6a969
          Size/MD5: 60861438 787f3ada01e85ce751a93dcdd44e5b18

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5: 64189408 f9d30b6540c1f08db812d3c18b5b2bda
          Size/MD5:  5244574 b269d564ef691c32a2f716c1c7e9aaf3
          Size/MD5:   149000 dbf4f8177949f0abb27ee28f9aaab9ee
          Size/MD5:     9292 c6ce63a3f9c5c6ac3bc38177e8068c8b
          Size/MD5: 11388676 4a3902f27af3fabbf470d74217cfdec4

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5: 64524720 ffa0415a1fd30ea1676ac8baa2696053
          Size/MD5:  5835466 7bf21437b4bd3b4ba12e54765f4a080f
          Size/MD5:   148158 08a86b8c727c41a9ba6b238d2dcf38a8
          Size/MD5:     9298 5c212edc616b976c85fc5e2388208047
          Size/MD5: 10452902 c0ca4fcc4079ae3c71c96f46daf40b2a

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5: 67162668 bdc28d4ea3920862d7ab443da5da6a00
          Size/MD5:  5240958 5e2813bf1d9139d5a2f4319f8d7775e3
          Size/MD5:   153348 cc627997e576e4a2aa92b1a6e6572658
          Size/MD5:     9298 948556156feafd5217db3f17cf214cec
          Size/MD5: 11269402 37707d8067040585eb2ba7bb0ac239d4

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5: 63711766 5546c9d27c8b2f0d7052e2f8ff5f542f
          Size/MD5:  5220548 853e41fbba4e18dec5a318c59240d1a6
          Size/MD5:   144284 4f946395f339d5d5909e22f1526eb3ba
          Size/MD5:     9296 47b20d6748ff4c78d1875c7ab8699f7f
          Size/MD5: 10525676 1a0a82cb2fecabdeec28ee544cf34e42

Ubuntu 10.04 LTS: USN-978-1 Critical: Thunderbird Pointer Flaws

ubuntu
Calendar Grey September 8, 2010
Dist Ubuntu Esm H88
Several vulnerabilities tied to dangling pointers in Thunderbird could let attackers crash or exploit the software. Users should update to the latest secure versions promptly
Several dangling pointer vulnerabilities were discovered in Thunderbird

Summary

Topics%20covered

Topics Covered

security advisory critical code execution exploit Ubuntu pointer issue

Update Instructions

References

Severity
critical
Lowest
Low
Medium
High
Critical

thunderbird vulnerabilities

Topics%20covered

Topics Covered

security advisory critical code execution exploit Ubuntu pointer issue

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here