LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 25th, 2014
Linux Advisory Watch: July 18th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: 978-1: Thunderbird vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Several dangling pointer vulnerabilities were discovered in Thunderbird. Anattacker could exploit this to crash Thunderbird or possibly run arbitrarycode as the user invoking the program. (CVE-2010-2760, CVE-2010-2767,CVE-2010-3167) [More...]
===========================================================
Ubuntu Security Notice USN-978-1         September 08, 2010
thunderbird vulnerabilities
CVE-2010-2760, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765,
CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769,
CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  thunderbird                     3.0.7+build1+nobinonly-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

Details follow:

Several dangling pointer vulnerabilities were discovered in Thunderbird. An
attacker could exploit this to crash Thunderbird or possibly run arbitrary
code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767,
CVE-2010-3167)

It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper
did not always honor the same-origin policy. If JavaScript was enabled, an
attacker could exploit this to run untrusted JavaScript from other domains.
(CVE-2010-2763)

Matt Haggard discovered that Thunderbird did not honor same-origin policy
when processing the statusText property of an XMLHttpRequest object. If a
user were tricked into viewing a malicious site, a remote attacker could
use this to gather information about servers on internal private networks.
(CVE-2010-2764)

Chris Rohlf discovered an integer overflow when Thunderbird processed the
HTML frameset element. If a user were tricked into viewing a malicious
site, a remote attacker could use this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-2765)

Several issues were discovered in the browser engine. If a user were
tricked into viewing a malicious site, a remote attacker could use this to
crash Thunderbird or possibly run arbitrary code as the user invoking the
program. (CVE-2010-2766, CVE-2010-3168)

David Huang and Collin Jackson discovered that the  tag could
override the charset of a framed HTML document in another origin. An
attacker could utilize this to perform cross-site scripting attacks.
(CVE-2010-2768)

Paul Stone discovered that with designMode enabled an HTML selection
containing JavaScript could be copied and pasted into a document and have
the JavaScript execute within the context of the site where the code was
dropped. If JavaScript was enabled, an attacker could utilize this to
perform cross-site scripting attacks. (CVE-2010-2769)

A buffer overflow was discovered in Thunderbird when processing text runs.
If a user were tricked into viewing a malicious site, a remote attacker
could use this to crash Thunderbird or possibly run arbitrary code as the
user invoking the program. (CVE-2010-3166)

Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff
Walden, Gary Kwong and Olli Pettay discovered several flaws in the
browser engine. If a user were tricked into viewing a malicious site, a
remote attacker could use this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-3169)


Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1.diff.gz
      Size/MD5:    95206 4bcbfa877f444cf2450eab3515506da1
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1.dsc
      Size/MD5:     2412 0b12f85cb9a236a83093f405c5d6a969
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly.orig.tar.gz
      Size/MD5: 60861438 787f3ada01e85ce751a93dcdd44e5b18

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5: 64189408 f9d30b6540c1f08db812d3c18b5b2bda
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:  5244574 b269d564ef691c32a2f716c1c7e9aaf3
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:   149000 dbf4f8177949f0abb27ee28f9aaab9ee
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:     9292 c6ce63a3f9c5c6ac3bc38177e8068c8b
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5: 11388676 4a3902f27af3fabbf470d74217cfdec4

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5: 64524720 ffa0415a1fd30ea1676ac8baa2696053
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5:  5835466 7bf21437b4bd3b4ba12e54765f4a080f
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5:   148158 08a86b8c727c41a9ba6b238d2dcf38a8
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5:     9298 5c212edc616b976c85fc5e2388208047
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5: 10452902 c0ca4fcc4079ae3c71c96f46daf40b2a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5: 67162668 bdc28d4ea3920862d7ab443da5da6a00
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:  5240958 5e2813bf1d9139d5a2f4319f8d7775e3
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:   153348 cc627997e576e4a2aa92b1a6e6572658
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:     9298 948556156feafd5217db3f17cf214cec
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5: 11269402 37707d8067040585eb2ba7bb0ac239d4

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5: 63711766 5546c9d27c8b2f0d7052e2f8ff5f542f
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:  5220548 853e41fbba4e18dec5a318c59240d1a6
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:   144284 4f946395f339d5d5909e22f1526eb3ba
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:     9296 47b20d6748ff4c78d1875c7ab8699f7f
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5: 10525676 1a0a82cb2fecabdeec28ee544cf34e42





                                
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Four fake Google haxbots hit YOUR WEBSITE every day
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
The Barnaby Jack Few Knew: Celebrated Hacker Saw Spotlight as 'Necessary Evil'
What I Learned from Edward Snowden at the Hacker Conference
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.