Ubuntu Security Notice 3436-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to read uninitialized memory, bypass phishing and malware protection, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
c318a713d641f72943a1eb076cf9dbfb8ac780f39348d155d5975aee3254be42