Ubuntu Security Notice 1791-1 - Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic and Joe Drew discovered multiple memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Ambroz Bizjak discovered an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) library when decoding certain certificates. An attacker could potentially exploit this to cause a denial of service via application crash. Various other issues were also addressed.
12c1ff5d57a3985395b6e2f1e23778f825698b2edb1d69c58bed0f9613954ac0