Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1748-1
HistoryFeb 25, 2013 - 12:00 a.m.

Thunderbird vulnerabilities

2013-02-2500:00:00
ubuntu.com
33

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.5%

JSON

Releases

  • Ubuntu 12.10
  • Ubuntu 12.04
  • Ubuntu 11.10
  • Ubuntu 10.04

Packages

  • thunderbird - Mozilla Open Source mail and newsgroup client

Details

Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and
System Only Wrappers (SOW). If a user were tricked into opening a specially
crafted page and had scripting enabled, a remote attacker could exploit
this to bypass security protections to obtain sensitive information or
potentially execute code with the privileges of the user invoking
Thunderbird. (CVE-2013-0773)

Frederik Braun discovered that Thunderbird made the location of the active
browser profile available to JavaScript workers. Scripting for Thunderbird
is disabled by default in Ubuntu. (CVE-2013-0774)

A use-after-free vulnerability was discovered in Thunderbird. An attacker
could potentially exploit this to execute code with the privileges of the
user invoking Thunderbird if scripting were enabled. (CVE-2013-0775)

Michal Zalewski discovered that Thunderbird would not always show the
correct address when cancelling a proxy authentication prompt. A remote
attacker could exploit this to conduct URL spoofing and phishing attacks
if scripting were enabled.
(CVE-2013-0776)

Abhishek Arya discovered several problems related to memory handling. If
the user were tricked into opening a specially crafted page, an attacker
could possibly exploit these to cause a denial of service via application
crash, or potentially execute code with the privileges of the user invoking
Thunderbird. (CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780,
CVE-2013-0781, CVE-2013-0782)

Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight,
Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke
Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron
discovered multiple memory safety issues affecting Thunderbird. If a user
had scripting enabled and was tricked into opening a specially crafted
page, an attacker could possibly exploit these to cause a denial of service
via application crash. (CVE-2013-0783, CVE-2013-0784)

OSVersionArchitecturePackageVersionFilename
Ubuntu12.10noarchthunderbird< 17.0.3+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-dbg< 17.0.3+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-dev< 17.0.3+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-globalmenu< 17.0.3+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-gnome-support< 17.0.3+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-gnome-support-dbg< 17.0.3+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-locale-af< 1:17.0.3+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-locale-ar< 1:17.0.3+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-locale-ast< 1:17.0.3+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-locale-be< 1:17.0.3+build1-0ubuntu0.12.10.1UNKNOWN
Rows per page:
1-10 of 2471

Related

nessus 32
openvas 66
securityvulns 1
ubuntu 2
suse 4
mozilla 6
oraclelinux 2
redhat 2
centos 2
freebsd 1
prion 12
nvd 12
cvelist 12
ubuntucve 12
cve 12
veracode 5
debian 1
ibm 2
gentoo 1
nessus
nessus
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1748-1)
2013-02-26 00:00:00
Mozilla SeaMonkey < 2.16 Multiple Vulnerabilities
2013-02-22 00:00:00
Ubuntu 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1729-2)
2013-03-01 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1748-1)
2013-03-01 00:00:00
Ubuntu Update for thunderbird USN-1748-1
2013-03-01 00:00:00
Mozilla Thunderbird ESR Multiple Vulnerabilities -01 Feb13 (Mac OS X)
2013-02-21 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-02-24 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2013-02-20 00:00:00
Firefox regression
2013-03-01 00:00:00
suse
suse
Mozilla: February 2013 update round (Firefox 19) (important)
2013-02-22 14:04:25
Security update for Mozilla Firefox (important)
2013-03-08 22:04:48
Security update for Mozilla Firefox (important)
2013-03-15 19:04:45
mozilla
mozilla
Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer — Mozilla
2013-02-19 00:00:00
Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3) — Mozilla
2013-02-19 00:00:00
Phishing on HTTPS connection through malicious proxy — Mozilla
2013-02-19 00:00:00
oraclelinux
oraclelinux
firefox security update
2013-02-19 00:00:00
thunderbird security update
2013-02-19 00:00:00
redhat
redhat
(RHSA-2013:0271) Critical: firefox security update
2013-02-19 00:00:00
(RHSA-2013:0272) Critical: thunderbird security update
2013-02-19 00:00:00
centos
centos
thunderbird security update
2013-02-20 04:09:27
devhelp, firefox, libproxy, xulrunner, yelp security update
2013-02-20 03:20:40
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-02-19 00:00:00
prion
prion
Memory corruption
2013-02-19 23:55:00
Out-of-bounds
2013-02-19 23:55:00
Design/Logic Flaw
2013-02-19 23:55:00
nvd
nvd
CVE-2013-0784
2013-02-19 23:55:01
CVE-2013-0782
2013-02-19 23:55:01
CVE-2013-0779
2013-02-19 23:55:01
cvelist
cvelist
CVE-2013-0779
2013-02-19 23:00:00
CVE-2013-0782
2013-02-19 23:00:00
CVE-2013-0783
2013-02-19 23:00:00
ubuntucve
ubuntucve
CVE-2013-0779
2013-02-20 00:00:00
CVE-2013-0782
2013-02-20 00:00:00
CVE-2013-0784
2013-02-20 00:00:00
cve
cve
CVE-2013-0779
2013-02-19 23:55:01
CVE-2013-0784
2013-02-19 23:55:01
CVE-2013-0781
2013-02-19 23:55:01
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:52:50
Arbitrary Code Execution
2019-05-02 04:52:51
Arbitrary Code Execution
2019-05-02 04:52:50
debian
debian
[SECURITY] [DSA 2699-1] iceweasel security update
2013-06-02 16:37:13
ibm
ibm
Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.5%

JSON
Related for USN-1748-1
nessus32openvas66securityvulns1ubuntu2suse4mozilla6oraclelinux2redhat2centos2freebsd1prion12nvd12cvelist12ubuntucve12cve12veracode5debian1ibm2gentoo1