=========================================================== Ubuntu Security Notice USN-978-2 September 16, 2010 thunderbird regression https://launchpad.net/bugs/640839 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 10.04 LTS: thunderbird 3.0.8+build2+nobinonly-0ubuntu0.10.04.1 After a standard system update you need to restart Thunderbird to make all the necessary changes. Details follow: USN-978-1 fixed vulnerabilities in Thunderbird. Some users reported stability problems under certain circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167) It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. If JavaScript was enabled, an attacker could exploit this to run untrusted JavaScript from other domains. (CVE-2010-2763) Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. (CVE-2010-2764) Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2765) Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2766, CVE-2010-3168) David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2768) Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. If JavaScript was enabled, an attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2769) A buffer overflow was discovered in Thunderbird when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3166) Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3169) Updated packages for Ubuntu 10.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1.diff.gz Size/MD5: 95079 66fa008e5f6df031b1ad5f231f431898 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1.dsc Size/MD5: 2412 47d4848db3c5379202c95d1c6846f3ab http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly.orig.tar.gz Size/MD5: 60878127 f9cefc763da1d7635d7f5f0141b1e6b0 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb Size/MD5: 64186380 947fd7418d024742733e7e8bb975b749 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb Size/MD5: 5245600 b9a5341d9f3748be7702c85eb7f60c6d http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb Size/MD5: 149030 581de662dc3ae62bbd21c39bf4b6d812 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb Size/MD5: 9302 379e8be2d12e608a908e1e23875f029b http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb Size/MD5: 11388686 d54d73646053756283c1f0704089825f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_i386.deb Size/MD5: 64524204 1bcb85f2f1a0a3ceeb2f4525e863d9bf http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_i386.deb Size/MD5: 5312356 4f0bc7e9e239fcce2affc737dde01b45 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_i386.deb Size/MD5: 148190 ff86f91fb4a989f3265280579c68251a http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_i386.deb Size/MD5: 9294 4fe53877c8393d1d1ae39df58f89dfc2 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_i386.deb Size/MD5: 10414156 78d7d44996bd7bebb283c2489801264e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb Size/MD5: 67171100 38e8af92c7a148870d842edb2b7bdf8e http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb Size/MD5: 5238736 9f785fa98eedc1670fcb879b43587fc5 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb Size/MD5: 153372 e28f31ee4b2161653aa076f14ea28c1a http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb Size/MD5: 9290 2722d1c4757d96f2920af705fe399b48 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb Size/MD5: 11269554 32f735cb17a6a0e8e47adbd270601070 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb Size/MD5: 63710592 85de03805d8ebb6838174c7fc0d3c3e0 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb Size/MD5: 5221108 828ef1cd6aaa6f0b429eb250ef3be855 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb Size/MD5: 144304 1a2639ca21e782dd1e6c55139d046a84 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb Size/MD5: 9288 1c6f91e90b24c2c905cd0ec38c9973d5 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.8+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb Size/MD5: 10525548 f692a83ee6da0da71d23c96cf7aa5278