USN-3023-1: Thunderbird vulnerabilities

18 July 2016

Several security issues were fixed in Thunderbird.

Releases

Packages

  • thunderbird - Mozilla Open Source mail and newsgroup client

Details

It was discovered that NSPR incorrectly handled memory allocation. If a
user were tricked in to opening a specially crafted message, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2016-1951)

Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel,
Sylvestre Ledru, Julian Seward, Olli Pettay, and Karl Tomlinson,
discovered multiple memory safety issues in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-2818)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04
Ubuntu 15.10
Ubuntu 14.04
Ubuntu 12.04

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

Related notices