Lucene search

K
ubuntuUbuntuUSN-1122-2
HistoryMay 05, 2011 - 12:00 a.m.

Thunderbird vulnerabilities

2011-05-0500:00:00
ubuntu.com
26

9.1 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.969 High

EPSS

Percentile

99.7%

Releases

  • Ubuntu 11.04

Packages

  • thunderbird - mail/news client with RSS and integrated spam filter support

Details

USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick.
This update provides the corresponding fixes for Natty.

Original advisory details:

It was discovered that there was a vulnerability in the memory handling of
certain types of content. An attacker could exploit this to possibly run
arbitrary code as the user running Thunderbird. (CVE-2011-0081)

It was discovered that Thunderbird incorrectly handled certain JavaScript
requests. If JavaScript were enabled, an attacker could exploit this to
possibly run arbitrary code as the user running Thunderbird.
(CVE-2011-0069)

Ian Beer discovered a vulnerability in the memory handling of a certain
types of documents. An attacker could exploit this to possibly run
arbitrary code as the user running Thunderbird. (CVE-2011-0070)

Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman
discovered several memory vulnerabilities. An attacker could exploit these
to possibly run arbitrary code as the user running Thunderbird.
(CVE-2011-0080)

Aki Helin discovered multiple vulnerabilities in the HTML rendering code.
An attacker could exploit these to possibly run arbitrary code as the user
running Thunderbird. (CVE-2011-0074, CVE-2011-0075)

Ian Beer discovered multiple overflow vulnerabilities. An attacker could
exploit these to possibly run arbitrary code as the user running
Thunderbird. (CVE-2011-0077, CVE-2011-0078)

Martin Barbella discovered a memory vulnerability in the handling of
certain DOM elements. An attacker could exploit this to possibly run
arbitrary code as the user running Thunderbird. (CVE-2011-0072)

It was discovered that there were use-after-free vulnerabilities in
Thunderbird’s mChannel and mObserverList objects. An attacker could exploit
these to possibly run arbitrary code as the user running Thunderbird.
(CVE-2011-0065, CVE-2011-0066)

It was discovered that there was a vulnerability in the handling of the
nsTreeSelection element. An attacker sending a specially crafted E-Mail
could exploit this to possibly run arbitrary code as the user running
Thunderbird. (CVE-2011-0073)

Paul Stone discovered a vulnerability in the handling of Java applets. If
plugins were enabled, an attacker could use this to mimic interaction with
form autocomplete controls and steal entries from the form history.
(CVE-2011-0067)

Soroush Dalili discovered a vulnerability in the resource: protocol. This
could potentially allow an attacker to load arbitrary files that were
accessible to the user running Thunderbird. (CVE-2011-0071)

Chris Evans discovered a vulnerability in Thunderbird’s XSLT generate-id()
function. An attacker could possibly use this vulnerability to make other
attacks more reliable. (CVE-2011-1202)

OSVersionArchitecturePackageVersionFilename
Ubuntu11.04noarchthunderbird< 3.1.10+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
Ubuntu11.04noarchthunderbird-dbg< 3.1.10+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
Ubuntu11.04noarchthunderbird-dev< 3.1.10+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
Ubuntu11.04noarchthunderbird-globalmenu< 3.1.10+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
Ubuntu11.04noarchthunderbird-gnome-support< 3.1.10+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
Ubuntu11.04noarchthunderbird-gnome-support-dbg< 3.1.10+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
Ubuntu11.04noarchthunderbird-mozsymbols< 3.1.10+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN

9.1 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.969 High

EPSS

Percentile

99.7%