Articles / Ubuntu: New Thunderbird pac...

Ubuntu: New Thunderbird packages fix security vulnerability

Various flaws were discovered in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. If JavaScript were enabled, an attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Eduardo Vela Nava discovered that Thunderbird could be made to violate the same-origin policy by using modal calls with JavaScript. If JavaScript were enabled, an attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. Updated packages are available from security.ubuntu.com.

===========================================================
Ubuntu Security Notice USN-998-1           October 20, 2010
thunderbird vulnerabilities
CVE-2010-3175, CVE-2010-3176, CVE-2010-3178, CVE-2010-3179,
CVE-2010-3180, CVE-2010-3182, CVE-2010-3183
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
 thunderbird                     3.0.9+build1+nobinonly-0ubuntu0.10.04.1

Ubuntu 10.10:
 thunderbird                     3.1.5+build1+nobinonly-0ubuntu0.10.10.1

After a standard system update you need to restart Thunderbird to make all
the necessary changes.

Details follow:

Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary
Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered
various flaws in the browser engine. An attacker could exploit this to
crash Thunderbird or possibly run arbitrary code as the user invoking the
program. (CVE-2010-3175, CVE-2010-3176)

Alexander Miller, Sergey Glazunov, and others discovered several flaws in
the JavaScript engine. If JavaScript were enabled, an attacker could
exploit this to crash Thunderbird or possibly run arbitrary code as the
user invoking the program. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)

Eduardo Vela Nava discovered that Thunderbird could be made to violate the
same-origin policy by using modal calls with JavaScript. If JavaScript were
enabled, an attacker could exploit this to steal information from another
site. (CVE-2010-3178)

Dmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly
setup the LD_LIBRARY_PATH environment variable. A local attacker could
exploit this to execute arbitrary code as the user invoking the program.
(CVE-2010-3182)


Updated packages for Ubuntu 10.04 LTS:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.9+build1+nobinonly-0ubuntu0.10.04.1.diff.gz
     Size/MD5:    95097 3b820b97dccc465ea044b7a272fdc8d9
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.9+build1+nobinonly-0ubuntu0.10.04.1.dsc
     Size/MD5:     2412 387aa374c72b37d99e7e318b8e43acbf
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.9+build1+nobinonly.orig.tar.gz
     Size/MD5: 60899014 7d2be2a088f8b4206907b15c864eed52

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
     Size/MD5: 64192710 d8b9db9d05a778aeec350ff7c7ea74a4
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
     Size/MD5:  5771404 dd7e6b456234ac984e492046c5640225
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
     Size/MD5:   149136 2bb12625422eaa66380afc63abf6705d
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
     Size/MD5:     9300 fb69d2b349444b85014ab90278fe247c
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
     Size/MD5: 11417872 a8614d1abad929d534157c00f70bbb3a

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
     Size/MD5: 64523832 6f5f6303f3bae014e5b38ea431ce72c3
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
     Size/MD5:  5834496 ebdaf198d5e461b79cbff7c65870ae93
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
     Size/MD5:   148276 4b96fd44790a55884ab7d965264b3212
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
     Size/MD5:     9290 efaad1dfc9ac1164d389406f09f374a6
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
     Size/MD5: 10456058 43be1c1e3e25086e4194c65ee9d80f51

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
     Size/MD5: 67174194 fd9e7d09bde7484758afbbf853a3d303
   http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
     Size/MD5:  5240444 d9f5eab1821399e37802f2559f299f6d
   http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
     Size/MD5:   153468 73f3e25ed341c29828b9b37d1e8fb142
   http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
     Size/MD5:     9304 6da40fbea8cdcebf9c7321001625d78e
   http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
     Size/MD5: 11271328 00b609e4563a886410eb81862a2c759b

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
     Size/MD5: 63719158 b75221c3b7ef3a7066100877a538d5e3
   http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
     Size/MD5:  5220982 d75dcceefe7a3aaa20feecdee56815a9
   http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
     Size/MD5:   144390 b635c9ecfe7a71057e5e1037423055c6
   http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
     Size/MD5:     9296 a3b49ba9e351f50b756c0966b738ee3f
   http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
     Size/MD5: 10529270 f5c48a60fef599ed65b3f7b2ee155e99

Updated packages for Ubuntu 10.10:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.5+build1+nobinonly-0ubuntu0.10.10.1.diff.gz
     Size/MD5:    98089 6bcacb112e75b1ea6d1f2c03e42a2655
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.5+build1+nobinonly-0ubuntu0.10.10.1.dsc
     Size/MD5:     2468 f92fc2b8b92cf814986e0b9b79019510
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.5+build1+nobinonly.orig.tar.gz
     Size/MD5: 66546029 359e65546b29fb7e417637291393f104

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb
     Size/MD5: 62603474 6cb66cd9627f6b2421d213cc541098cf
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb
     Size/MD5:  5006090 9a0a610fa02d7bb35aa36d5eb404d156
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb
     Size/MD5:   181308 1867a97e101e7f97f7ae6ccabc98e1b9
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb
     Size/MD5:     9384 3f0d409e02f351c6362da9ddc12f1e05
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb
     Size/MD5: 12042310 2d7a2e4ca18e79775b58ee9f03512a3a

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_i386.deb
     Size/MD5: 63136006 64326c4d59ff770b9dae52e2b16d4eb2
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_i386.deb
     Size/MD5:  5143614 82b15cecbe0d1602421238f034f5008f
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_i386.deb
     Size/MD5:   180446 9c269d8f53b3bc6e715c793717660c91
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_i386.deb
     Size/MD5:     9376 9fba11d210e9364c2f8914cf4e28e23e
   http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_i386.deb
     Size/MD5: 11061068 a5d79a92d1a504caa03f5b5d3a646af7

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb
     Size/MD5: 65395550 60846228807534f5aafcd1f85809c51d
   http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb
     Size/MD5:  4978992 dac3232b41d546f4bdeadcbb715e49e8
   http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb
     Size/MD5:   187102 ba03adced0f96c0fe84b3dc2edf59636
   http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb
     Size/MD5:     9382 42871e6a679dfcb0403c3d0fd73e3cf3
   http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb
     Size/MD5: 11745480 97c701050c6da23044085945a2bac2a6
Screenshot

Project Spotlight

Aspose.Email for .NET

A suite of .NET components for email programming.

Screenshot

Project Spotlight

MDIFramework

A ready-to-use architecture to ease the creation of MDI-style applications in Java.