Several security issues were fixed in Thunderbird.
Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1718)
18 September 2013
A security issue affects these releases of Ubuntu and its derivatives:
Several security issues were fixed in Thunderbird.
Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1718)
Atte Kettunen discovered a flaw in the HTML5 Tree Builder when interacting with template elements. If a user had scripting enabled, in some circumstances an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1720)
Alex Chapman discovered an integer overflow vulnerability in the ANGLE library. If a user had scripting enabled, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1721)
Abhishek Arya discovered a use-after-free in the Animation Manager. If a user had scripting enabled, an attacked could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1722)
Scott Bell discovered a use-after-free when using a select element. If a user had scripting enabled, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1724)
It was discovered that the scope of new Javascript objects could be accessed before their compartment is initialized. If a user had scripting enabled, an attacker could potentially exploit this to execute code with the privileges of the user invoking Thunderbird. (CVE-2013-1725)
Dan Gohman discovered that some variables and data were used in IonMonkey, without being initialized, which could lead to information leakage. (CVE-2013-1728)
Sachin Shinde discovered a crash when moving some XBL-backed nodes in to a document created by document.open(). If a user had scripting enabled, an attacker could potentially exploit this to cause a denial of service. (CVE-2013-1730)
Aki Helin discovered a buffer overflow when combining lists, floats and multiple columns. If a user had scripting enabled, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1732)
Two memory corruption bugs when scrolling were discovered. If a user had scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1735, CVE-2013-1736)
Boris Zbarsky discovered that user-defined getters on DOM proxies would use the expando object as “this”. If a user had scripting enabled, an attacker could potentially exploit this by tricking add-on code in to making incorrect security sensitive decisions based on malicious values. (CVE-2013-1737)
A use-after-free bug was discovered in Thunderbird. If a user had scripting enabled, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1738)
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Thunderbird to make all the necessary changes.
Vulmon