Ubuntu Security Notice 958-1 - Several flaws were discovered in the browser engine of Thunderbird. An integer overflow was discovered in how Thunderbird processed CSS values. An integer overflow was discovered in how Thunderbird interpreted the XUL element. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. Soroush Dalili discovered that Thunderbird did not properly handle script error output.
5419ae4fb245c6c535395ea9b94b38b179ed987669180fa8c3c08cbbe2746990
===========================================================
Ubuntu Security Notice USN-958-1 July 26, 2010
thunderbird vulnerabilities
CVE-2010-0654, CVE-2010-1205, CVE-2010-1211, CVE-2010-1212,
CVE-2010-1213, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
thunderbird 3.0.6+build2+nobinonly-0ubuntu0.10.04.1
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
Details follow:
Several flaws were discovered in the browser engine of Thunderbird. If a
user were tricked into viewing malicious content, a remote attacker could
use this to crash Thunderbird or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1211, CVE-2010-1212)
An integer overflow was discovered in how Thunderbird processed CSS values.
An attacker could exploit this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-2752)
An integer overflow was discovered in how Thunderbird interpreted the XUL
element. If a user were tricked into viewing malicious content, a remote
attacker could use this to crash Thunderbird or possibly run arbitrary code
as the user invoking the program. (CVE-2010-2753)
Aki Helin discovered that libpng did not properly handle certain malformed
PNG images. If a user were tricked into opening a crafted PNG file, an
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-1205)
Yosuke Hasegawa discovered that the same-origin check in Thunderbird could
be bypassed by utilizing the importScripts Web Worker method. If a user
were tricked into viewing malicious content, an attacker could exploit this
to read data from other domains. (CVE-2010-1213)
Chris Evans discovered that Thunderbird did not properly process improper
CSS selectors. If a user were tricked into viewing malicious content, an
attacker could exploit this to read data from other domains.
(CVE-2010-0654)
Soroush Dalili discovered that Thunderbird did not properly handle script
error output. An attacker could use this to access URL parameters from
other domains. (CVE-2010-2754)
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1.diff.gz
Size/MD5: 92850 bc785c0348418206d4c8588ebaac0132
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1.dsc
Size/MD5: 2412 a28a4d277235e3b6331a53471c467213
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly.orig.tar.gz
Size/MD5: 61048660 055766c535ba92126b033128d6540dd4
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 64137096 67d94866d04e19b71ad34521e78377cd
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 5245646 e2eb4667407a5db752c62ad5a9f9df91
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 148998 4eb30277c88a46b9f65bf80d9ca984bd
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 9296 4ed1c5b7788eb65fbccb960617217f44
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 11386116 cabfab2567a14b23bc0a46351ff4dbb7
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 64479186 0e6a1a89d7591d3d143cf12c12680ac6
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 5311316 870ff89004da182aac32cac5d38027e4
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 148154 6541fcf1d83a42fb02926a81f0a50858
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 9292 000175067546013dc9ed8b2dcc12072e
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 10413876 9881b8ec4cd24233f1d7904997f04188
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 67105712 cfac784d5b5369f85ee450bb6b8aa06d
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 5238112 1666f03c78dffbbfdfe27697b6c1a983
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 153330 2b28241ad770ced2dc0deb4d04e91f62
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 9296 9caeeb0a6fd9694c0a2c26cfd7c007d9
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 11266520 cc5caab3d5bb3dedbfd08f0cdbbe1cc3
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 63651728 ecce696ddbd92be7a0e3d285317b3ab2
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 5219274 f791be2a355ccb057e3526d56b3952d7
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 144264 7ad54644130634dd28eec04fe01a2322
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 9298 e69ad6c66d4a5907d7fb61aa1a12a0f3
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 10521756 8247952d2eff647da997dd86595e869f