Ubuntu Security Notice 978-1 - Several dangling pointer vulnerabilities were discovered in Thunderbird. It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Thunderbird when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.
36273ad9e76ae6b4735d7d4be276aefa43da892c6a64bf66805e2f2a014c897b===========================================================
Ubuntu Security Notice USN-978-1 September 08, 2010
thunderbird vulnerabilities
CVE-2010-2760, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765,
CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769,
CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
thunderbird 3.0.7+build1+nobinonly-0ubuntu0.10.04.1
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
Details follow:
Several dangling pointer vulnerabilities were discovered in Thunderbird. An
attacker could exploit this to crash Thunderbird or possibly run arbitrary
code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767,
CVE-2010-3167)
It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper
did not always honor the same-origin policy. If JavaScript was enabled, an
attacker could exploit this to run untrusted JavaScript from other domains.
(CVE-2010-2763)
Matt Haggard discovered that Thunderbird did not honor same-origin policy
when processing the statusText property of an XMLHttpRequest object. If a
user were tricked into viewing a malicious site, a remote attacker could
use this to gather information about servers on internal private networks.
(CVE-2010-2764)
Chris Rohlf discovered an integer overflow when Thunderbird processed the
HTML frameset element. If a user were tricked into viewing a malicious
site, a remote attacker could use this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-2765)
Several issues were discovered in the browser engine. If a user were
tricked into viewing a malicious site, a remote attacker could use this to
crash Thunderbird or possibly run arbitrary code as the user invoking the
program. (CVE-2010-2766, CVE-2010-3168)
David Huang and Collin Jackson discovered that the <object> tag could
override the charset of a framed HTML document in another origin. An
attacker could utilize this to perform cross-site scripting attacks.
(CVE-2010-2768)
Paul Stone discovered that with designMode enabled an HTML selection
containing JavaScript could be copied and pasted into a document and have
the JavaScript execute within the context of the site where the code was
dropped. If JavaScript was enabled, an attacker could utilize this to
perform cross-site scripting attacks. (CVE-2010-2769)
A buffer overflow was discovered in Thunderbird when processing text runs.
If a user were tricked into viewing a malicious site, a remote attacker
could use this to crash Thunderbird or possibly run arbitrary code as the
user invoking the program. (CVE-2010-3166)
Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff
Walden, Gary Kwong and Olli Pettay discovered several flaws in the
browser engine. If a user were tricked into viewing a malicious site, a
remote attacker could use this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-3169)
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1.diff.gz
Size/MD5: 95206 4bcbfa877f444cf2450eab3515506da1
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1.dsc
Size/MD5: 2412 0b12f85cb9a236a83093f405c5d6a969
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly.orig.tar.gz
Size/MD5: 60861438 787f3ada01e85ce751a93dcdd44e5b18
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 64189408 f9d30b6540c1f08db812d3c18b5b2bda
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 5244574 b269d564ef691c32a2f716c1c7e9aaf3
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 149000 dbf4f8177949f0abb27ee28f9aaab9ee
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 9292 c6ce63a3f9c5c6ac3bc38177e8068c8b
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 11388676 4a3902f27af3fabbf470d74217cfdec4
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 64524720 ffa0415a1fd30ea1676ac8baa2696053
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 5835466 7bf21437b4bd3b4ba12e54765f4a080f
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 148158 08a86b8c727c41a9ba6b238d2dcf38a8
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 9298 5c212edc616b976c85fc5e2388208047
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 10452902 c0ca4fcc4079ae3c71c96f46daf40b2a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 67162668 bdc28d4ea3920862d7ab443da5da6a00
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 5240958 5e2813bf1d9139d5a2f4319f8d7775e3
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 153348 cc627997e576e4a2aa92b1a6e6572658
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 9298 948556156feafd5217db3f17cf214cec
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 11269402 37707d8067040585eb2ba7bb0ac239d4
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 63711766 5546c9d27c8b2f0d7052e2f8ff5f542f
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 5220548 853e41fbba4e18dec5a318c59240d1a6
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 144284 4f946395f339d5d5909e22f1526eb3ba
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 9296 47b20d6748ff4c78d1875c7ab8699f7f
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.7+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 10525676 1a0a82cb2fecabdeec28ee544cf34e42
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed