==========================================================Ubuntu Security Notice USN-943-1              July 06, 2010
thunderbird vulnerabilities
CVE-2010-1121, CVE-2010-1196, CVE-2010-1199, CVE-2010-1200,
CVE-2010-1201, CVE-2010-1202, CVE-2010-1203
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  thunderbird                     3.0.5+build2+nobinonly-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

Details follow:

Martin Barbella discovered an integer overflow in an XSLT node sorting
routine. An attacker could exploit this to overflow a buffer and cause a
denial of service or possibly execute arbitrary code with the privileges of
the user invoking the program. (CVE-2010-1199)

An integer overflow was discovered in Thunderbird. If a user were tricked
into viewing malicious content, an attacker could overflow a buffer and
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2010-1196)

Several flaws were discovered in the browser engine of Thunderbird. If a
user were tricked into viewing a malicious site, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201,
CVE-2010-1202, CVE-2010-1203)

If was discovered that Thunderbird could be made to access freed memory. If
a user were tricked into viewing a malicious site, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2010-1121)


Updated packages for Ubuntu 10.04:

  Source archives:

          Size/MD5:    92823 0ca46ffd047f5f7cee484fff9e8af23b
          Size/MD5:     2412 aca8b9b2dbfb307db4431919947a7937
          Size/MD5: 60882290 1a1a88e927a9a88bbe7ebcebf823dee8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5: 64108820 3aa916caba6c99731e7d32be86288dc3
          Size/MD5:  5242210 4126c9df835aeb3a9c07843563006c68
          Size/MD5:   148928 0bcd99b6b523fac6b42dcbb7f24dff01
          Size/MD5:     9290 ad02f8df355f77c9b1add63163cbc788
          Size/MD5: 11378952 1ea590db0e17e3a60463ac04d0515b80

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5: 64452942 eaec764f36f6c8f028a896b5392c3737
          Size/MD5:  5307796 dafaff64a67a27a702a6f865c14445ff
          Size/MD5:   148118 39c67bfe1a78134d37c8ae7aeec002bb
          Size/MD5:     9292 178054e4f82c37056f11ea499e37c4e2
          Size/MD5: 10408506 c18e02729a25128e676165df459f969f

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5: 67079046 b99a348ef7df5d8ab2daa6995b3e9eed
          Size/MD5:  5238246 0f540c21b92bb8730631c8d048763890
          Size/MD5:   153294 6b87239a25c174184dd5681f4d90b30c
          Size/MD5:     9294 196d8ddb2fd3b1d9f987814f4008fc87
          Size/MD5: 11260620 dab912c76ddc41ba98eaadbfb051aeb4

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5: 63631670 2b5550e2e5dbe85b9c5f3bd106e9043a
          Size/MD5:  5216964 c22473ed591e05898a660d1b84a93e7a
          Size/MD5:   144236 a583a67a7e172036d31350e393a12469
          Size/MD5:     9296 3c1023ab76f0e7dad38055468fbf8911
          Size/MD5: 10514780 30417d9d956648a4f15d645171edb401

Ubuntu 943-1: Thunderbird vulnerabilities

July 6, 2010
Martin Barbella discovered an integer overflow in an XSLT node sorting routine

Summary

Update Instructions

References

Severity
thunderbird vulnerabilities

Package Information

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved