===========================================================
Ubuntu Security Notice USN-536-1           October 23, 2007
mozilla-thunderbird, thunderbird vulnerabilities
CVE-2006-2894, CVE-2007-1095, CVE-2007-2292, CVE-2007-3511,
CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339,
CVE-2007-5340
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mozilla-thunderbird   1.5.0.13+1.5.0.14b-0ubuntu0.6.06

Ubuntu 6.10:
  mozilla-thunderbird   1.5.0.13+1.5.0.14b-0ubuntu0.6.10

Ubuntu 7.04:
  mozilla-thunderbird   1.5.0.13+1.5.0.14b-0ubuntu0.7.04

Ubuntu 7.10:
  mozilla-thunderbird   2.0.0.8~pre071022+nobinonly-0ubuntu0.7.10

After a standard system upgrade you need to restart Thunderbird to
effect the necessary changes.

Details follow:

Various flaws were discovered in the layout and JavaScript engines.
By tricking a user into opening a malicious web page, an attacker
could execute arbitrary code with the user's privileges.
(CVE-2007-5339, CVE-2007-5340)

Flaws were discovered in the file upload form control. By tricking
a user into opening a malicious web page, an attacker could force
arbitrary files from the user's computer to be uploaded without their
consent. (CVE-2006-2894, CVE-2007-3511)

Michal Zalewski discovered that the onUnload event handlers were
incorrectly able to access information outside the old page content.
A malicious web site could exploit this to modify the contents, or
steal confidential data (such as passwords), of the next loaded web
page. (CVE-2007-1095)

Stefano Di Paola discovered that Thunderbird did not correctly request
Digest Authentications. A malicious web site could exploit this to
inject arbitrary HTTP headers or perform session splitting attacks
against proxies. (CVE-2007-2292)

Eli Friedman discovered that XUL could be used to hide a window's
titlebar. A malicious web site could exploit this to enhance their
attempts at creating phishing web sites. (CVE-2007-5334)

Georgi Guninski discovered that Thunderbird would allow file-system
based web pages to access additional files. By tricking a user into
opening a malicious web page from a gnome-vfs location, an attacker
could steal arbitrary files from the user's computer. (CVE-2007-5337)

It was discovered that the XPCNativeWrappers were not safe in certain
situations. By tricking a user into opening a malicious web page, an
attacker could run arbitrary JavaScript with the user's privileges.
(CVE-2007-5338)

Please note that JavaScript is disabled by default for emails, and it
is not recommended to enable it.