===========================================================
Ubuntu Security Notice USN-958-1              July 26, 2010
thunderbird vulnerabilities
CVE-2010-0654, CVE-2010-1205, CVE-2010-1211, CVE-2010-1212,
CVE-2010-1213, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  thunderbird                     3.0.6+build2+nobinonly-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

Details follow:

Several flaws were discovered in the browser engine of Thunderbird. If a
user were tricked into viewing malicious content, a remote attacker could
use this to crash Thunderbird or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1211, CVE-2010-1212)

An integer overflow was discovered in how Thunderbird processed CSS values.
An attacker could exploit this to crash Thunderbird or possibly run
arbitrary code as the user invoking the program. (CVE-2010-2752)

An integer overflow was discovered in how Thunderbird interpreted the XUL
element. If a user were tricked into viewing malicious content, a remote
attacker could use this to crash Thunderbird or possibly run arbitrary code
as the user invoking the program. (CVE-2010-2753)

Aki Helin discovered that libpng did not properly handle certain malformed
PNG images. If a user were tricked into opening a crafted PNG file, an
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-1205)

Yosuke Hasegawa discovered that the same-origin check in Thunderbird could
be bypassed by utilizing the importScripts Web Worker method. If a user
were tricked into viewing malicious content, an attacker could exploit this
to read data from other domains. (CVE-2010-1213)

Chris Evans discovered that Thunderbird did not properly process improper
CSS selectors. If a user were tricked into viewing malicious content, an
attacker could exploit this to read data from other domains.
(CVE-2010-0654)

Soroush Dalili discovered that Thunderbird did not properly handle script
error output. An attacker could use this to access URL parameters from
other domains. (CVE-2010-2754)


Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1.diff.gz
      Size/MD5:    92850 bc785c0348418206d4c8588ebaac0132
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1.dsc
      Size/MD5:     2412 a28a4d277235e3b6331a53471c467213
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly.orig.tar.gz
      Size/MD5: 61048660 055766c535ba92126b033128d6540dd4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5: 64137096 67d94866d04e19b71ad34521e78377cd
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:  5245646 e2eb4667407a5db752c62ad5a9f9df91
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:   148998 4eb30277c88a46b9f65bf80d9ca984bd
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:     9296 4ed1c5b7788eb65fbccb960617217f44
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5: 11386116 cabfab2567a14b23bc0a46351ff4dbb7

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5: 64479186 0e6a1a89d7591d3d143cf12c12680ac6
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5:  5311316 870ff89004da182aac32cac5d38027e4
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5:   148154 6541fcf1d83a42fb02926a81f0a50858
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5:     9292 000175067546013dc9ed8b2dcc12072e
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5: 10413876 9881b8ec4cd24233f1d7904997f04188

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5: 67105712 cfac784d5b5369f85ee450bb6b8aa06d
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:  5238112 1666f03c78dffbbfdfe27697b6c1a983
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:   153330 2b28241ad770ced2dc0deb4d04e91f62
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:     9296 9caeeb0a6fd9694c0a2c26cfd7c007d9
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5: 11266520 cc5caab3d5bb3dedbfd08f0cdbbe1cc3

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5: 63651728 ecce696ddbd92be7a0e3d285317b3ab2
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:  5219274 f791be2a355ccb057e3526d56b3952d7
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:   144264 7ad54644130634dd28eec04fe01a2322
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:     9298 e69ad6c66d4a5907d7fb61aa1a12a0f3
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.6+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5: 10521756 8247952d2eff647da997dd86595e869f