USN-1611-1: Thunderbird vulnerabilities

12 October 2012

Several security issues were fixed in Thunderbird.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • thunderbird - Mozilla Open Source mail and newsgroup client

Details

Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others
discovered several memory corruption flaws in Thunderbird. If a user were
tricked into opening a malicious website and had JavaScript enabled, an
attacker could exploit these to execute arbitrary JavaScript code within
the context of another website or arbitrary code as the user invoking the
program. (CVE-2012-3982, CVE-2012-3983, CVE-2012-3988, CVE-2012-3989,
CVE-2012-4191)

David Bloom and Jordi Chancel discovered that Thunderbird did not always
properly handle the