UbuntuUSN-2859-1Thunderbird vulnerabilities
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
10 High
AI Score
Confidence
High
0.052 Low
EPSS
Percentile
93.1%
Releases
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 ESM
- Ubuntu 12.04
Packages
- thunderbird - Mozilla Open Source mail and newsgroup client
Details
Andrei Vaida, Jesse Ruderman, Bob Clary, and Jesse Ruderman
discovered multiple memory safety issues in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2015-7201)
Ronald Crane discovered a buffer overflow through code inspection. If a
user were tricked in to opening a specially crafted website in a browsing
context, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2015-7205)
Abhishek Arya discovered an integer overflow when allocating large
textures. If a user were tricked in to opening a specially crafted
website in a browsing context, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Thunderbird. (CVE-2015-7212)
Ronald Crane dicovered an integer overflow when processing MP4 format
video in some circumstances. If a user were tricked in to opening a
specially crafted website in a browsing context, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2015-7213)
Tsubasa Iinuma discovered a way to bypass same-origin restrictions using
data: and view-source: URLs. If a user were tricked in to opening a
specially crafted website in a browsing context, an attacker could
potentially exploit this to obtain sensitive information and read local
files. (CVE-2015-7214)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 15.10 | noarch | thunderbird | < 1:38.5.1+build2-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | thunderbird-dbg | < 1:38.5.1+build2-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | thunderbird-dbgsym | < 1:38.5.1+build2-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | thunderbird-dev | < 1:38.5.1+build2-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | thunderbird-dev-dbgsym | < 1:38.5.1+build2-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | thunderbird-globalmenu | < 1:38.5.1+build2-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | thunderbird-gnome-support | < 1:38.5.1+build2-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | thunderbird-gnome-support-dbg | < 1:38.5.1+build2-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | thunderbird-locale-af | < 1:38.5.1+build2-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | thunderbird-locale-ar | < 1:38.5.1+build2-0ubuntu0.15.10.1 | UNKNOWN |
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
10 High
AI Score
Confidence
High
0.052 Low
EPSS
Percentile
93.1%