USN-2819-1: Thunderbird vulnerabilities
1 December 2015
Several security issues were fixed in Thunderbird.
Releases
Packages
- thunderbird - Mozilla Open Source mail and newsgroup client
Details
Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky,
Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and Gary Kwong
discovered multiple memory safety issues in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2015-4513)
Tyson Smith and David Keeler discovered a use-after-poison and buffer
overflow in NSS. An attacker could potentially exploit these to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2015-7181,
CVE-2015-7182)
Ryan Sleevi discovered an integer overflow in NSPR. An attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2015-7183)
MichaĆ Bentkowski discovered that adding white-space to hostnames that are
IP addresses can bypass same-origin protections. If a user were tricked in
to opening a specially crafted website in a browser-like context, an
attacker could potentially exploit this to conduct cross-site scripting
(XSS) attacks. (CVE-2015-7188)
Looben Yang discovered a buffer overflow during script interactions with
the canvas element in some circumstances. If a user were tricked in to
opening a specially crafted website in a browser-like context, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Thunderbird. (CVE-2015-7189)
Shinto K Anto discovered that CORS preflight is bypassed when receiving
non-standard Content-Type headers in some circumstances. If a user were
tricked in to opening a specially crafted website in a browser-like
context, an attacker could potentially exploit this to bypass
same-origin restrictions. (CVE-2015-7193)
Gustavo Grieco discovered a buffer overflow in libjar in some
circumstances. If a user were tricked in to opening a specially crafted
website in a browser-like context, an attacker could potentially exploit
this to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Thunderbird.
(CVE-2015-7194)
Ehsan Akhgari discovered a mechanism for a web worker to bypass secure
requirements for web sockets. If a user were tricked in to opening a
specially crafted website in a browser-like context, an attacker could
exploit this to bypass the mixed content web socket policy.
(CVE-2015-7197)
Ronald Crane discovered several vulnerabilities through code-inspection. If
a user were tricked in to opening a specially crafted website in a
browser-like context, an attacker could potentially exploit these to cause
a denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2015-7198,
CVE-2015-7199, CVE-2015-7200)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04
Ubuntu 12.04
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
Related notices
- USN-2785-1: firefox-globalmenu, firefox-locale-ku, firefox-locale-sk, firefox-locale-sl, firefox-locale-lt, firefox-locale-lg, firefox-locale-zu, firefox-locale-ro, firefox-locale-be, firefox-locale-el, firefox-locale-si, firefox-locale-de, firefox-locale-lv, firefox-locale-te, firefox-locale-id, firefox-locale-sv, firefox-locale-he, firefox-locale-hsb, firefox-locale-mr, firefox-locale-bn, firefox-locale-fi, firefox-locale-ms, firefox-locale-pt, firefox-locale-uz, firefox-mozsymbols, firefox-locale-sw, firefox-locale-nl, firefox-locale-mai, firefox-locale-sr, firefox-locale-kn, firefox-locale-is, firefox-locale-hr, firefox-locale-ko, firefox-locale-hu, firefox-locale-zh-hans, firefox-locale-az, firefox-locale-es, firefox-locale-nn, firefox-locale-zh-hant, firefox-locale-ga, firefox-locale-gu, firefox-locale-pa, firefox-locale-th, firefox-locale-gl, firefox-locale-fr, firefox-locale-tr, firefox-locale-ast, firefox-locale-eu, firefox-locale-kk, firefox-locale-uk, firefox-locale-vi, firefox-locale-da, firefox-locale-ka, firefox-locale-gd, firefox-locale-bs, firefox-locale-as, firefox-locale-bg, firefox-locale-ar, firefox-locale-br, firefox-locale-ta, firefox-locale-nso, firefox-locale-cy, firefox-testsuite, firefox-locale-nb, firefox-locale-fy, firefox-dev, firefox-locale-en, firefox-locale-sq, firefox-locale-an, firefox-locale-eo, firefox, firefox-locale-cs, firefox-locale-ca, firefox-locale-pl, firefox-locale-or, firefox-locale-oc, firefox-locale-af, firefox-locale-et, firefox-locale-it, firefox-locale-ja, firefox-locale-hi, firefox-locale-mk, firefox-locale-ru, firefox-locale-fa, firefox-locale-csb, firefox-locale-km, firefox-locale-xh, firefox-locale-ml, firefox-locale-hy, firefox-locale-mn
- USN-2791-1: libnss3-1d, libnss3, libnss3-nssdb, nss, libnss3-dev, libnss3-tools
- USN-2790-1: libnspr4, nspr, libnspr4-0d, libnspr4-dev