[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1284689158.25125.13.camel@luna>
Date: Thu, 16 Sep 2010 21:05:58 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce <ubuntu-security-announce@...ts.ubuntu.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
bugtraq@...urityfocus.com
Subject: [USN-978-2] Thunderbird regression
===========================================================
Ubuntu Security Notice USN-978-2 September 16, 2010
thunderbird regression
https://launchpad.net/bugs/640839
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
thunderbird 3.0.8+build2+nobinonly-0ubuntu0.10.04.1
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
Details follow:
USN-978-1 fixed vulnerabilities in Thunderbird. Some users reported
stability problems under certain circumstances. This update fixes the
problem.
We apologize for the inconvenience.
Original advisory details:
Several dangling pointer vulnerabilities were discovered in Thunderbird. An
attacker could exploit this to crash Thunderbird or possibly run arbitrary
code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767,
CVE-2010-3167)
It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper
did not always honor the same-origin policy. If JavaScript was enabled, an
attacker could exploit this to run untrusted JavaScript from other domains.
(CVE-2010-2763)
Matt Haggard discovered that Thunderbird did not honor same-origin policy
when processing the statusText property of an XMLHttpRequest object. If a
user were tricked into viewing a malicious site, a remote attacker could
use this to gather information about servers on internal private networks.
(CVE-2010-2764)
Chris Rohlf discovered an integer overflow when Thunderbird processed the
HTML frameset element. If a user were tricked into viewing a malicious
site, a remote attacker could use this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-2765)
Several issues were discovered in the browser engine. If a user were
tricked into viewing a malicious site, a remote attacker could use this to
crash Thunderbird or possibly run arbitrary code as the user invoking the
program. (CVE-2010-2766, CVE-2010-3168)
David Huang and Collin Jackson discovered that the <object> tag could
override the charset of a framed HTML document in another origin. An
attacker could utilize this to perform cross-site scripting attacks.
(CVE-2010-2768)
Paul Stone discovered that with designMode enabled an HTML selection
containing JavaScript could be copied and pasted into a document and have
the JavaScript execute within the context of the site where the code was
dropped. If JavaScript was enabled, an attacker could utilize this to
perform cross-site scripting attacks. (CVE-2010-2769)
A buffer overflow was discovered in Thunderbird when processing text runs.
If a user were tricked into viewing a malicious site, a remote attacker
could use this to crash Thunderbird or possibly run arbitrary code as the
user invoking the program. (CVE-2010-3166)
Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff
Walden, Gary Kwong and Olli Pettay discovered several flaws in the
browser engine. If a user were tricked into viewing a malicious site, a
remote attacker could use this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-3169)
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1.diff.gz
Size/MD5: 95079 66fa008e5f6df031b1ad5f231f431898
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1.dsc
Size/MD5: 2412 47d4848db3c5379202c95d1c6846f3ab
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly.orig.tar.gz
Size/MD5: 60878127 f9cefc763da1d7635d7f5f0141b1e6b0
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 64186380 947fd7418d024742733e7e8bb975b749
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 5245600 b9a5341d9f3748be7702c85eb7f60c6d
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 149030 581de662dc3ae62bbd21c39bf4b6d812
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 9302 379e8be2d12e608a908e1e23875f029b
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 11388686 d54d73646053756283c1f0704089825f
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 64524204 1bcb85f2f1a0a3ceeb2f4525e863d9bf
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 5312356 4f0bc7e9e239fcce2affc737dde01b45
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 148190 ff86f91fb4a989f3265280579c68251a
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 9294 4fe53877c8393d1d1ae39df58f89dfc2
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 10414156 78d7d44996bd7bebb283c2489801264e
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 67171100 38e8af92c7a148870d842edb2b7bdf8e
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 5238736 9f785fa98eedc1670fcb879b43587fc5
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 153372 e28f31ee4b2161653aa076f14ea28c1a
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 9290 2722d1c4757d96f2920af705fe399b48
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 11269554 32f735cb17a6a0e8e47adbd270601070
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 63710592 85de03805d8ebb6838174c7fc0d3c3e0
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 5221108 828ef1cd6aaa6f0b429eb250ef3be855
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 144304 1a2639ca21e782dd1e6c55139d046a84
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 9288 1c6f91e90b24c2c905cd0ec38c9973d5
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 10525548 f692a83ee6da0da71d23c96cf7aa5278
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists