➠ USN-2934-1: Thunderbird vulnerabilities
Ubuntu Security Notice USN-2934-1
27th April, 2016
thunderbird vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in Thunderbird.
Software description
- thunderbird - Mozilla Open Source mail and newsgroup client
Details
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, and Randell Jesup discovered multiple memory
safety issues in Thunderbird. If a user were tricked in to opening a
specially crafted message, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Thunderbird. (CVE-2016-1952)
Nicolas Golubovic discovered that CSP violation reports can be used to
overwrite local files. If a user were tricked in to opening a specially
crafted website in a browsing context with addon signing disabled and
unpacked addons installed, an attacker could potentially exploit this to
gain additional privileges. (CVE-2016-1954)
Jose Martinez and Romina Santillan discovered a memory leak in
libstagefright during MPEG4 video file processing in some circumstances.
If a user were tricked in to opening a specially crafted website in a
browsing context, an attacker could potentially exploit this to cause a
denial of service via memory exhaustion. (CVE-2016-1957)
A use-after-free was discovered in the HTML5 string parser. If a user were
tricked in to opening a specially crafted website in a browsing context, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the user
invoking Thunderbird. (CVE-2016-1960)
A use-after-free was discovered in the SetBody function of HTMLDocument.
If a user were tricked in to opening a specially crafted website in a
browsing context, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2016-1961)
Nicolas Grégoire discovered a use-after-free during XML transformations.
If a user were tricked in to opening a specially crafted website in a
browsing context, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2016-1964)
A memory corruption issues was discovered in the NPAPI subsystem. If
a user were tricked in to opening a specially crafted website in a
browsing context with a malicious plugin installed, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2016-1966)
Ronald Crane discovered an out-of-bounds read following a failed
allocation in the HTML parser in some circumstances. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit this to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Thunderbird. (CVE-2016-1974)
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
A remote attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2016-1950)
Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple
memory safety issues in the Graphite 2 library. If a user were tricked in
to opening a specially crafted message, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,
CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797,
CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 16.04 LTS:
- thunderbird 1:38.7.2+build1-0ubuntu0.16.04.1
- Ubuntu 15.10:
- thunderbird 1:38.7.2+build1-0ubuntu0.15.10.1
- Ubuntu 14.04 LTS:
- thunderbird 1:38.7.2+build1-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS:
- thunderbird 1:38.7.2+build1-0ubuntu0.12.04.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
References
CVE-2016-1950, CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1964, CVE-2016-1966, CVE-2016-1974, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802
...Zur Startseite
Kommentiere zu USN-2934-1: Thunderbird vulnerabilities
➤ Ähnliche Beiträge für 'USN-2934-1: Thunderbird vulnerabilities'
[Testing Update] 2019-10-27 - KDE-Git, Nvidia, Xorg-Server
vom 734.84 Punkte
@philm wrote:
Hello community,
I am happy to announce another Testing Update. Mostly we have updates for Pacman 5.2 release.
Tell us about the default layout we should use for Gnome
Update news
This update holds the following chan
[Testing Update] 2019-12-06 - Kernels, Mesa, Firefox, KDE-git
vom 734.84 Punkte
@philm wrote:
Hello community,
I am happy to announce another Testing Update on my Wedding Day.
Let's celebrate Phil's and Trang's wedding today
Some feature-updates:
Some fixes to Cinnamon
Firefox-Dev has another beta in 72 series
We updated most of our KDE-git packages
Mesa update plus the latest Kernels
the usua
[Testing Update] 2020-01-28 - Kernels, Browsers, Vulkan
vom 734.84 Punkte
@philm wrote:
Hello community,
here is another Testing Update ...
1094×645Check out the latest changes of Pamac-QT 0.3.1
Some feature-updates:
Most of the Kernels got updated
Updates to Palemoon and Firefox-dev
Newer Vulkan drivers
The usual upstream fixes
If you like following latest Plasma de
[Stable Update] 2020-01-30 - Kernels, Browsers, Vulkan
vom 734.84 Punkte
@philm wrote:
Hello community,
here is another Stable Update ...
2048×1667Our images for the Pinebook Pro got some updates
Some feature-updates:
Most of the Kernels got updated
Updates to Palemoon and Firefox-dev
Newer Vulkan drivers
The usual upstream fixes
If you like following latest Plasma de
[Testing Update] 2020-02-17 - Kernels, Firefox-Dev, Gnome, BinUtils, Wine 5.2, Python
vom 728.28 Punkte
@philm wrote:
Hello community,
here is another Testing Update.
1920×1080Give Mate 1.24 a spin in our latest 19.0-rc1 build!
Some feature-updates:
Some of our Kernels got updated
Firefox-Dev got updated to its fourth beta of 74 series
Gnome got some more updates
Fixes to binutils to support
[Testing Update] 2022-08-04 - Kernels, Nvidia, Thunderbird, Cinnamon, KDE-git
vom 465.84 Punkte
Hello community,
Another testing branch update with some usual updates for you.
Checkout the store. From 2nd till 7th we offer 20% discount!
Some of our Kernels got updated
Note: 5.17 series got dropped from our repos. Please adopt to 5.18 or 5.19 series.
Thunderbird is now at 91.12.0
[Testing Update] 2020-04-10 - Thunderbird 68.7.0, OnlyOffice 5.5, Gnome, GTK
vom 400.22 Punkte
@philm wrote:
Hello community,
here is another Testing Update for you:
Need to have a look at several documents at once? Have two or more monitors? Now it’s your time! You can stack them together now ...
Some feature-updates:
Thunderbird got updated to 68.7.0
OnlyOffice is no
[Testing Update] 2020-04-11 - Kernels, Browsers, Calamares, Octopi, Flatpak, Thunderbird, OnlyOffice
vom 400.22 Punkte
@philm wrote:
Hello community,
here is another Stable Update for you:
1920×1080Get your Manjaro Merch 15% off! #StayHome, #StayHealthy, #StaySafe, #HomeOffice
Some feature-updates:
Some of our Kernels got updated
Brave br
[Stable Update] 2020-04-11 - Kernels, Browsers, Calamares, Octopi, Flatpak, Thunderbird, OnlyOffice
vom 400.22 Punkte
@philm wrote:
Hello community,
here is another Stable Update for you:
1920×1080Get your Manjaro Merch 15% off! #StayHome, #StayHealthy, #StaySafe, #HomeOffice
Some feature-updates:
Some of our Kernels got updated
Brave br
[Unstable Update] 2020-11-22 - Kernels, Qt 5.15.2, Thunderbird 78.5.0, Wine, AMDVLK
vom 400.22 Punkte
Hello community,
Another unstable branch update with some usual updates for you!
1920×1080 253 KB
Unleash the Ryzen Power #stayhome, #staysafe, #stayhealthy
Most of our Kernels got renewed
KDE-git got another updates
Qt5 got updated to 5.15.2. Let us know if you face any i
[Testing Update] 2019-12-26 - KDE-Git, AMDVLK 2019.Q4.5, NetworkManager 1.20.9
vom 373.98 Punkte
@philm wrote:
Hello community,
I am happy to announce another Testing Update.
Some feature-updates:
Updated KDE-git packages
AMDVLK is now at 2019.Q4.5
Network Manager is again downgraded to 1.20.9
the usual upstream fixes
If you like following latest Pl
[StableUpdate] 2020-01-20 - Kernels, Plasma 5.19a, Pamac 9.3rc, Gambas, Virtualbox
vom 367.42 Punkte
@philm wrote:
Hello community,
here is another Stable Update ...
1920×1080Test the latest efforts of KDE on our Development ISOs
Some feature-updates:
Some Kernels got updated
Plasma got updated to 5.19 alpha on our KDE-git packages
Pamac 9.3 got it's first RC. Please update your translation