UbuntuUSN-2428-1Thunderbird vulnerabilities
6.3 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.119 Low
EPSS
Percentile
95.3%
Releases
- Ubuntu 14.10
- Ubuntu 14.04 ESM
- Ubuntu 12.04
Packages
- thunderbird - Mozilla Open Source mail and newsgroup client
Details
Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas
Werner discovered multiple memory safety issues in Thunderbird. If a user
were tricked in to opening a specially crafted message with scripting
enabled, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2014-1587)
Joe Vennix discovered a crash when using XMLHttpRequest in some
circumstances. If a user were tricked in to opening a specially crafted
message with scripting enabled, an attacker could potentially exploit this
to cause a denial of service. (CVE-2014-1590)
Berend-Jan Wever discovered a use-after-free during HTML parsing. If a
user were tricked in to opening a specially crafted message with scripting
enabled, an attacker could potentially exploit this to cause a denial of
service via application crash or execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2014-1592)
Abhishek Arya discovered a buffer overflow when parsing media content. If
a user were tricked in to opening a specially crafted message with
scripting enabled, an attacker could potentially exploit this to cause a
denial of service via application crash or execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2014-1593)
Byoungyoung Lee, Chengyu Song, and Taesoo Kim discovered a bad cast in the
compositor. If a user were tricked in to opening a specially crafted
message, an attacker could potentially exploit this to cause undefined
behaviour, a denial of service via application crash or execute abitrary
code with the privileges of the user invoking Thunderbird. (CVE-2014-1594)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.10 | noarch | thunderbird | < 1:31.3.0+build1-0ubuntu0.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | thunderbird-dbg | < 1:31.3.0+build1-0ubuntu0.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | thunderbird-dev | < 1:31.3.0+build1-0ubuntu0.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | thunderbird-globalmenu | < 1:31.3.0+build1-0ubuntu0.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | thunderbird-gnome-support | < 1:31.3.0+build1-0ubuntu0.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | thunderbird-gnome-support-dbg | < 1:31.3.0+build1-0ubuntu0.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | thunderbird-locale-af | < 1:31.3.0+build1-0ubuntu0.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | thunderbird-locale-ar | < 1:31.3.0+build1-0ubuntu0.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | thunderbird-locale-ast | < 1:31.3.0+build1-0ubuntu0.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | thunderbird-locale-be | < 1:31.3.0+build1-0ubuntu0.14.10.1 | UNKNOWN |
Related
6.3 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.119 Low
EPSS
Percentile
95.3%