LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Thunderbird vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu GaŽtan Leurent showed a weakness in APOP authentication. An attacker posing as a trusted server could recover portions of the user's password via multiple authentication attempts. (CVE-2007-1558) Various flaws were discovered in the layout and JavaScript engines. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2007-2867, CVE-2007-2868)
=========================================================== 
Ubuntu Security Notice USN-469-1              June 05, 2007
mozilla-thunderbird vulnerabilities
CVE-2007-1558, CVE-2007-2867, CVE-2007-2868
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mozilla-thunderbird                      1.5.0.12-0ubuntu0.6.06

Ubuntu 6.10:
  mozilla-thunderbird                      1.5.0.12-0ubuntu0.6.10

Ubuntu 7.04:
  mozilla-thunderbird                      1.5.0.12-0ubuntu0.7.04

After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.

Details follow:

GaŽtan Leurent showed a weakness in APOP authentication.  An attacker
posing as a trusted server could recover portions of the user's
password via multiple authentication attempts. (CVE-2007-1558)

Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious email, an attacker could execute
arbitrary code with the user's privileges. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable
it. (CVE-2007-2867, CVE-2007-2868)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06.diff.gz
      Size/MD5:   455017 6134996c92b001015b30150c2dc1ebc9
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06.dsc
      Size/MD5:     1603 a28b5d142a6f31040ed31e9a6d6bc89f
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12.orig.tar.gz
      Size/MD5: 36087822 b4da2245a3b9e9aba57458892ccb4432

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_amd64.deb
      Size/MD5:  3536144 14ea0a1977a5320fd835fd001d67346f
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_amd64.deb
      Size/MD5:   194244 8b458963ac0651ed0cd6391eff999922
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_amd64.deb
      Size/MD5:    59492 f72ea0bdf598e970be1fc2bc4c13aca5
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_amd64.deb
      Size/MD5: 12072898 5c56a62ecebbd04b0d5800e02bb0f962

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_i386.deb
      Size/MD5:  3529200 7e19aa6138e8feed5cff6d838b6028a9
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_i386.deb
      Size/MD5:   187602 6820a2a671a38afd15a0f6a85d836e1a
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_i386.deb
      Size/MD5:    55014 7bafe57ee68339de3cd6b652b38f732e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_i386.deb
      Size/MD5: 10348548 b9681e3ee16c04c08339ec2ef01a6c88

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_powerpc.deb
      Size/MD5:  3534496 3c48628681299abaee19fc0beba5ab78
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_powerpc.deb
      Size/MD5:   190946 fbbcce5b8063cb919394a9eb6606be14
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_powerpc.deb
      Size/MD5:    58594 feced950d4786dca229a3311d78ebd92
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_powerpc.deb
      Size/MD5: 11625662 84c92da6096228d1e9d9b88bd7b04175

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_sparc.deb
      Size/MD5:  3531010 bcc28364913ee9a39fcbe927c18c63b6
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_sparc.deb
      Size/MD5:   188396 269be710a7fba93ef6b097b2b9fff9db
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_sparc.deb
      Size/MD5:    56508 53c80fc5eee71c35c5ac6bd02d378d88
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_sparc.deb
      Size/MD5: 10819654 ef89c7e36efdb96ac78708d29d8549b9

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10.diff.gz
      Size/MD5:   455848 d0c748328245e197cae6535eb8f432ef
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10.dsc
      Size/MD5:     1601 bd27533176397a9e5dfbf7f78bc0663e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12.orig.tar.gz
      Size/MD5: 36087822 b4da2245a3b9e9aba57458892ccb4432

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_amd64.deb
      Size/MD5:  3535944 23d30ebe5ef94e613e7967b1db8ef31b
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_amd64.deb
      Size/MD5:   194370 45be8ffeacd6effc2f9dc7760c95872b
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_amd64.deb
      Size/MD5:    59488 332a5fc9ba7aaee2f415f8b7d48df4d3
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_amd64.deb
      Size/MD5: 12069218 a95212832d428490b423c3f1f4d8fb6f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_i386.deb
      Size/MD5:  3532554 c3e7b0d29512c4fcdeb4c44d2cf254ee
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_i386.deb
      Size/MD5:   189032 1af5c94758d03e290996aabe28f4e468
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_i386.deb
      Size/MD5:    56130 b8dd5169a5c9d2e64f92a5077125e5fe
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_i386.deb
      Size/MD5: 10807154 3182256c2c4e3dcf8ce0af8c08c79b9e

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_powerpc.deb
      Size/MD5:  3534536 3f01d1dd21c6f9c4876cbe26c99b9b7a
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_powerpc.deb
      Size/MD5:   191466 d3d76899b21d9c6a00b74c59375ef410
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_powerpc.deb
      Size/MD5:    59150 d00037720c85c34f71289eb5e38495e6
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_powerpc.deb
      Size/MD5: 11755910 5e4af6da8f47a49d55f79679299ca1c5

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_sparc.deb
      Size/MD5:  3531000 cfe826422c56a92146ef11cd7ac8a12b
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_sparc.deb
      Size/MD5:   188848 4749b5b3be87a3fcd12dc3d40a49a855
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_sparc.deb
      Size/MD5:    56542 da871004b8b3361955e80fde84bb6912
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_sparc.deb
      Size/MD5: 11021978 278ddf14608e203be94128d4d813c17c

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04.diff.gz
      Size/MD5:   126465 cc8f051889c9b0b3e38d7209405dea69
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04.dsc
      Size/MD5:     1601 7c375b22a857fcd739595e99d69030be
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12.orig.tar.gz
      Size/MD5: 36087822 b4da2245a3b9e9aba57458892ccb4432

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_amd64.deb
      Size/MD5:  3536244 487c6c4f6eeea7b685882f7782499c1f
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_amd64.deb
      Size/MD5:   194854 1878f36a0df3331ac035cc0a7141e0e6
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_amd64.deb
      Size/MD5:    59982 10922e4c84d5d0a742d1673cfd9cb7f0
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_amd64.deb
      Size/MD5: 12164292 bb2c2e8b5ef6419e408cdaf5096367ee

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_i386.deb
      Size/MD5:  3533300 2aa267d22e69adf1952365381ee223c4
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_i386.deb
      Size/MD5:   189498 b3e5a7fd372e13926d5b0ab65e8fe78b
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_i386.deb
      Size/MD5:    56606 96e62d17f21013a3b801cbe6bbddd665
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_i386.deb
      Size/MD5: 10893370 b0c17d6fabacc7c2cf1f1ab11a603a63

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_powerpc.deb
      Size/MD5:  3537168 a7afc930e25aaca21915bda7fd27df94
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_powerpc.deb
      Size/MD5:   192978 65ec6c5bf4483df668b9a848e7d38754
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_powerpc.deb
      Size/MD5:    59968 e808d5650b3bb3e9fb8db66f64d60d91
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_powerpc.deb
      Size/MD5: 12107396 fc8addfa0baf3cf6104a65e66bf4cce6

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_sparc.deb
      Size/MD5:  3532440 4b4d48c1c6ec051f79023aa4ab02a38a
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_sparc.deb
      Size/MD5:   189318 d84f7d16f44ce1bf1f989a316f13f901
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_sparc.deb
      Size/MD5:    57038 ef6a777ccc9464d7c74b774c61afe3f3
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_sparc.deb
      Size/MD5: 11123392 f73b585d8506d5be115aa006ac2ede2a


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hackers From China Waste Little Time in Exploiting Heartbleed
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Why a hacker got paid for finding the Heartbleed bug
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.