=========================================================== Ubuntu Security Notice USN-469-1 June 05, 2007 mozilla-thunderbird vulnerabilities CVE-2007-1558, CVE-2007-2867, CVE-2007-2868 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: mozilla-thunderbird 1.5.0.12-0ubuntu0.6.06 Ubuntu 6.10: mozilla-thunderbird 1.5.0.12-0ubuntu0.6.10 Ubuntu 7.04: mozilla-thunderbird 1.5.0.12-0ubuntu0.7.04 After a standard system upgrade you need to restart Thunderbird to effect the necessary changes. Details follow: Gaëtan Leurent showed a weakness in APOP authentication. An attacker posing as a trusted server could recover portions of the user's password via multiple authentication attempts. (CVE-2007-1558) Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user's privileges. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2007-2867, CVE-2007-2868) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06.diff.gz Size/MD5: 455017 6134996c92b001015b30150c2dc1ebc9 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06.dsc Size/MD5: 1603 a28b5d142a6f31040ed31e9a6d6bc89f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12.orig.tar.gz Size/MD5: 36087822 b4da2245a3b9e9aba57458892ccb4432 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_amd64.deb Size/MD5: 3536144 14ea0a1977a5320fd835fd001d67346f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_amd64.deb Size/MD5: 194244 8b458963ac0651ed0cd6391eff999922 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_amd64.deb Size/MD5: 59492 f72ea0bdf598e970be1fc2bc4c13aca5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_amd64.deb Size/MD5: 12072898 5c56a62ecebbd04b0d5800e02bb0f962 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_i386.deb Size/MD5: 3529200 7e19aa6138e8feed5cff6d838b6028a9 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_i386.deb Size/MD5: 187602 6820a2a671a38afd15a0f6a85d836e1a http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_i386.deb Size/MD5: 55014 7bafe57ee68339de3cd6b652b38f732e http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_i386.deb Size/MD5: 10348548 b9681e3ee16c04c08339ec2ef01a6c88 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_powerpc.deb Size/MD5: 3534496 3c48628681299abaee19fc0beba5ab78 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_powerpc.deb Size/MD5: 190946 fbbcce5b8063cb919394a9eb6606be14 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_powerpc.deb Size/MD5: 58594 feced950d4786dca229a3311d78ebd92 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_powerpc.deb Size/MD5: 11625662 84c92da6096228d1e9d9b88bd7b04175 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_sparc.deb Size/MD5: 3531010 bcc28364913ee9a39fcbe927c18c63b6 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_sparc.deb Size/MD5: 188396 269be710a7fba93ef6b097b2b9fff9db http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_sparc.deb Size/MD5: 56508 53c80fc5eee71c35c5ac6bd02d378d88 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_sparc.deb Size/MD5: 10819654 ef89c7e36efdb96ac78708d29d8549b9 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10.diff.gz Size/MD5: 455848 d0c748328245e197cae6535eb8f432ef http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10.dsc Size/MD5: 1601 bd27533176397a9e5dfbf7f78bc0663e http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12.orig.tar.gz Size/MD5: 36087822 b4da2245a3b9e9aba57458892ccb4432 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_amd64.deb Size/MD5: 3535944 23d30ebe5ef94e613e7967b1db8ef31b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_amd64.deb Size/MD5: 194370 45be8ffeacd6effc2f9dc7760c95872b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_amd64.deb Size/MD5: 59488 332a5fc9ba7aaee2f415f8b7d48df4d3 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_amd64.deb Size/MD5: 12069218 a95212832d428490b423c3f1f4d8fb6f i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_i386.deb Size/MD5: 3532554 c3e7b0d29512c4fcdeb4c44d2cf254ee http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_i386.deb Size/MD5: 189032 1af5c94758d03e290996aabe28f4e468 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_i386.deb Size/MD5: 56130 b8dd5169a5c9d2e64f92a5077125e5fe http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_i386.deb Size/MD5: 10807154 3182256c2c4e3dcf8ce0af8c08c79b9e powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_powerpc.deb Size/MD5: 3534536 3f01d1dd21c6f9c4876cbe26c99b9b7a http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_powerpc.deb Size/MD5: 191466 d3d76899b21d9c6a00b74c59375ef410 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_powerpc.deb Size/MD5: 59150 d00037720c85c34f71289eb5e38495e6 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_powerpc.deb Size/MD5: 11755910 5e4af6da8f47a49d55f79679299ca1c5 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_sparc.deb Size/MD5: 3531000 cfe826422c56a92146ef11cd7ac8a12b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_sparc.deb Size/MD5: 188848 4749b5b3be87a3fcd12dc3d40a49a855 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_sparc.deb Size/MD5: 56542 da871004b8b3361955e80fde84bb6912 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_sparc.deb Size/MD5: 11021978 278ddf14608e203be94128d4d813c17c Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04.diff.gz Size/MD5: 126465 cc8f051889c9b0b3e38d7209405dea69 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04.dsc Size/MD5: 1601 7c375b22a857fcd739595e99d69030be http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12.orig.tar.gz Size/MD5: 36087822 b4da2245a3b9e9aba57458892ccb4432 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_amd64.deb Size/MD5: 3536244 487c6c4f6eeea7b685882f7782499c1f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_amd64.deb Size/MD5: 194854 1878f36a0df3331ac035cc0a7141e0e6 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_amd64.deb Size/MD5: 59982 10922e4c84d5d0a742d1673cfd9cb7f0 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_amd64.deb Size/MD5: 12164292 bb2c2e8b5ef6419e408cdaf5096367ee i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_i386.deb Size/MD5: 3533300 2aa267d22e69adf1952365381ee223c4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_i386.deb Size/MD5: 189498 b3e5a7fd372e13926d5b0ab65e8fe78b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_i386.deb Size/MD5: 56606 96e62d17f21013a3b801cbe6bbddd665 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_i386.deb Size/MD5: 10893370 b0c17d6fabacc7c2cf1f1ab11a603a63 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_powerpc.deb Size/MD5: 3537168 a7afc930e25aaca21915bda7fd27df94 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_powerpc.deb Size/MD5: 192978 65ec6c5bf4483df668b9a848e7d38754 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_powerpc.deb Size/MD5: 59968 e808d5650b3bb3e9fb8db66f64d60d91 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_powerpc.deb Size/MD5: 12107396 fc8addfa0baf3cf6104a65e66bf4cce6 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_sparc.deb Size/MD5: 3532440 4b4d48c1c6ec051f79023aa4ab02a38a http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_sparc.deb Size/MD5: 189318 d84f7d16f44ce1bf1f989a316f13f901 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_sparc.deb Size/MD5: 57038 ef6a777ccc9464d7c74b774c61afe3f3 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_sparc.deb Size/MD5: 11123392 f73b585d8506d5be115aa006ac2ede2a