Lucene search

K
ubuntuUbuntuUSN-1791-1
HistoryApr 08, 2013 - 12:00 a.m.

Thunderbird vulnerabilities

2013-04-0800:00:00
ubuntu.com
38

7.2 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.079 Low

EPSS

Percentile

94.1%

Releases

  • Ubuntu 12.10
  • Ubuntu 12.04
  • Ubuntu 11.10
  • Ubuntu 10.04

Packages

  • thunderbird - Mozilla Open Source mail and newsgroup client

Details

Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan
Sreckovic and Joe Drew discovered multiple memory safety issues affecting
Thunderbird. If the user were tricked into opening a specially crafted
message with scripting enabled, an attacker could possibly exploit these
to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Thunderbird.
(CVE-2013-0788)

Ambroz Bizjak discovered an out-of-bounds array read in the
CERT_DecodeCertPackage function of the Network Security Services (NSS)
libary when decoding certain certificates. An attacker could potentially
exploit this to cause a denial of service via application crash.
(CVE-2013-0791)

Mariusz Mlynski discovered that timed history navigations could be used to
load arbitrary websites with the wrong URL displayed in the addressbar. An
attacker could exploit this to conduct cross-site scripting (XSS) or
phishing attacks if scripting were enabled. (CVE-2013-0793)

Cody Crews discovered that the cloneNode method could be used to
bypass System Only Wrappers (SOW) to clone a protected node and bypass
same-origin policy checks. If a user had enabled scripting, an attacker
could potentially exploit this to steal confidential data or execute code
with the privileges of the user invoking Thunderbird. (CVE-2013-0795)

A crash in WebGL rendering was discovered in Thunderbird. An attacker
could potentially exploit this to execute code with the privileges of
the user invoking Thunderbird if scripting were enabled. This issue only
affects users with Intel graphics drivers. (CVE-2013-0796)

Abhishek Arya discovered an out-of-bounds write in the Cairo graphics
library. An attacker could potentially exploit this to execute code with
the privileges of the user invoking Thunderbird. (CVE-2013-0800)

OSVersionArchitecturePackageVersionFilename
Ubuntu12.10noarchthunderbird< 17.0.5+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-dbg< 17.0.5+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-dev< 17.0.5+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-globalmenu< 17.0.5+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-gnome-support< 17.0.5+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-gnome-support-dbg< 17.0.5+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-locale-af< 1:17.0.5+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-locale-ar< 1:17.0.5+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-locale-ast< 1:17.0.5+build1-0ubuntu0.12.10.1UNKNOWN
Ubuntu12.10noarchthunderbird-locale-be< 1:17.0.5+build1-0ubuntu0.12.10.1UNKNOWN
Rows per page:
1-10 of 2471

7.2 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.079 Low

EPSS

Percentile

94.1%

Related for USN-1791-1