==========================================================Ubuntu Security Notice USN-978-1         September 08, 2010
thunderbird vulnerabilities
CVE-2010-2760, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765,
CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769,
CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  thunderbird                     3.0.7+build1+nobinonly-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

Details follow:

Several dangling pointer vulnerabilities were discovered in Thunderbird. An
attacker could exploit this to crash Thunderbird or possibly run arbitrary
code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767,
CVE-2010-3167)

It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper
did not always honor the same-origin policy. If JavaScript was enabled, an
attacker could exploit this to run untrusted JavaScript from other domains.
(CVE-2010-2763)

Matt Haggard discovered that Thunderbird did not honor same-origin policy
when processing the statusText property of an XMLHttpRequest object. If a
user were tricked into viewing a malicious site, a remote attacker could
use this to gather information about servers on internal private networks.
(CVE-2010-2764)

Chris Rohlf discovered an integer overflow when Thunderbird processed the
HTML frameset element. If a user were tricked into viewing a malicious
site, a remote attacker could use this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-2765)

Several issues were discovered in the browser engine. If a user were
tricked into viewing a malicious site, a remote attacker could use this to
crash Thunderbird or possibly run arbitrary code as the user invoking the
program. (CVE-2010-2766, CVE-2010-3168)

David Huang and Collin Jackson discovered that the  tag could
override the charset of a framed HTML document in another origin. An
attacker could utilize this to perform cross-site scripting attacks.
(CVE-2010-2768)

Paul Stone discovered that with designMode enabled an HTML selection
containing JavaScript could be copied and pasted into a document and have
the JavaScript execute within the context of the site where the code was
dropped. If JavaScript was enabled, an attacker could utilize this to
perform cross-site scripting attacks. (CVE-2010-2769)

A buffer overflow was discovered in Thunderbird when processing text runs.
If a user were tricked into viewing a malicious site, a remote attacker
could use this to crash Thunderbird or possibly run arbitrary code as the
user invoking the program. (CVE-2010-3166)

Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff
Walden, Gary Kwong and Olli Pettay discovered several flaws in the
browser engine. If a user were tricked into viewing a malicious site, a
remote attacker could use this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-3169)


Updated packages for Ubuntu 10.04:

  Source archives:

          Size/MD5:    95206 4bcbfa877f444cf2450eab3515506da1
          Size/MD5:     2412 0b12f85cb9a236a83093f405c5d6a969
          Size/MD5: 60861438 787f3ada01e85ce751a93dcdd44e5b18

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5: 64189408 f9d30b6540c1f08db812d3c18b5b2bda
          Size/MD5:  5244574 b269d564ef691c32a2f716c1c7e9aaf3
          Size/MD5:   149000 dbf4f8177949f0abb27ee28f9aaab9ee
          Size/MD5:     9292 c6ce63a3f9c5c6ac3bc38177e8068c8b
          Size/MD5: 11388676 4a3902f27af3fabbf470d74217cfdec4

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5: 64524720 ffa0415a1fd30ea1676ac8baa2696053
          Size/MD5:  5835466 7bf21437b4bd3b4ba12e54765f4a080f
          Size/MD5:   148158 08a86b8c727c41a9ba6b238d2dcf38a8
          Size/MD5:     9298 5c212edc616b976c85fc5e2388208047
          Size/MD5: 10452902 c0ca4fcc4079ae3c71c96f46daf40b2a

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5: 67162668 bdc28d4ea3920862d7ab443da5da6a00
          Size/MD5:  5240958 5e2813bf1d9139d5a2f4319f8d7775e3
          Size/MD5:   153348 cc627997e576e4a2aa92b1a6e6572658
          Size/MD5:     9298 948556156feafd5217db3f17cf214cec
          Size/MD5: 11269402 37707d8067040585eb2ba7bb0ac239d4

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5: 63711766 5546c9d27c8b2f0d7052e2f8ff5f542f
          Size/MD5:  5220548 853e41fbba4e18dec5a318c59240d1a6
          Size/MD5:   144284 4f946395f339d5d5909e22f1526eb3ba
          Size/MD5:     9296 47b20d6748ff4c78d1875c7ab8699f7f
          Size/MD5: 10525676 1a0a82cb2fecabdeec28ee544cf34e42

Ubuntu 978-1: Thunderbird vulnerabilities

September 8, 2010
Several dangling pointer vulnerabilities were discovered in Thunderbird

Summary

Update Instructions

References

Severity
thunderbird vulnerabilities

Package Information

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved