USN-2754-1: Thunderbird vulnerabilities
5 October 2015
Several security issues were fixed in Thunderbird.
Releases
Packages
- thunderbird - Mozilla Open Source mail and newsgroup client
Details
Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David
Major, Andrew McCreight, and Cameron McCormack discovered multiple memory
safety issues in Thunderbird. If a user were tricked in to opening a
specially crafted message, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Thunderbird. (CVE-2015-4500)
Khalil Zhani discovered a buffer overflow when parsing VP9 content in some
circumstances. If a user were tricked in to opening a specially crafted
message, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2015-4506)
A use-after-free was discovered when manipulating HTML media content in
some circumstances. If a user were tricked in to opening a specially
crafted website in a browsing context, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2015-4509)
Atte Kettunen discovered a buffer overflow in the nestegg library when
decoding WebM format video in some circumstances. If a user were tricked
in to opening a specially crafted message, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2015-4511)
Ronald Crane reported multiple vulnerabilities. If a user were tricked in
to opening a specially crafted website in a browsing context, an attacker
could potentially exploit these to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Thunderbird. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522,
CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180)
Mario Gomes discovered that dragging and dropping an image after a
redirect exposes the redirected URL to scripts. An attacker could
potentially exploit this to obtain sensitive information. (CVE-2015-4519)
Ehsan Akhgari discovered 2 issues with CORS preflight requests. An
attacker could potentially exploit these to bypass CORS restrictions.
(CVE-2015-4520)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04
Ubuntu 14.04
Ubuntu 12.04
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
Related notices
- USN-2743-1: firefox-locale-da, firefox-locale-as, firefox-locale-cy, firefox-locale-it, firefox-locale-or, firefox-locale-zh-hans, firefox-locale-mk, firefox-locale-gd, firefox-locale-gu, firefox-locale-az, firefox-locale-eo, firefox-locale-nso, firefox-locale-ru, firefox-locale-km, firefox-locale-lg, firefox-locale-mn, firefox-locale-tr, firefox-locale-ms, firefox-locale-zu, firefox-locale-fy, firefox-dev, firefox-locale-nn, firefox-locale-pa, firefox-locale-an, firefox-locale-ku, firefox-locale-uk, firefox-locale-sk, firefox-locale-es, firefox-locale-sw, firefox-locale-hr, firefox-locale-hy, firefox-locale-he, firefox-locale-ca, firefox-locale-sv, firefox-locale-fi, firefox-locale-te, firefox-locale-el, firefox-locale-ta, firefox-locale-ko, firefox-locale-ro, firefox-locale-hu, firefox-locale-nb, firefox-locale-id, firefox-locale-kk, firefox-locale-ar, firefox-locale-hi, firefox-globalmenu, firefox-locale-kn, firefox-locale-et, firefox-locale-ga, firefox-locale-de, firefox-locale-fa, firefox-locale-af, firefox, firefox-locale-en, firefox-locale-uz, firefox-locale-vi, firefox-locale-br, firefox-locale-ml, firefox-locale-fr, firefox-locale-lt, firefox-locale-is, firefox-locale-ka, firefox-locale-be, firefox-locale-bs, firefox-locale-pt, firefox-locale-si, firefox-locale-mr, firefox-locale-hsb, firefox-mozsymbols, firefox-locale-pl, firefox-locale-eu, firefox-locale-sl, firefox-locale-cs, firefox-locale-zh-hant, firefox-testsuite, firefox-locale-lv, firefox-locale-gl, firefox-locale-bg, firefox-locale-ast, firefox-locale-sq, firefox-locale-oc, firefox-locale-th, firefox-locale-csb, firefox-locale-sr, firefox-locale-bn, firefox-locale-mai, firefox-locale-xh, firefox-locale-ja, firefox-locale-nl