Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

thunderbird vulnerabilities

Related Vulnerabilities: CVE-2013-0801   CVE-2013-1669   CVE-2013-1670   CVE-2013-1674   CVE-2013-1675   CVE-2013-1676   CVE-2013-1677   CVE-2013-1678   CVE-2013-1679   CVE-2013-1680   CVE-2013-1681  

Several security issues were fixed in Thunderbird.

Multiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2013-0801, CVE-2013-1669)

Source

14 May 2013

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.04
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software Description

  • thunderbird - Mozilla Open Source mail and newsgroup client

Details

Multiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2013-0801, CVE-2013-1669)

Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). If a user had scripting enabled, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1670)

A use-after-free was discovered when resizing video content whilst it is playing. If a user had scripting enabled, an attacker could potentially exploit this to execute code with the privileges of the user invoking Thunderbird. (CVE-2013-1674)

It was discovered that some DOMSVGZoomEvent functions could be used without being properly initialized, which could lead to information leakage. (CVE-2013-1675)

Abhishek Arya discovered multiple memory safety issues in Thunderbird. If the user were tricked into opening a specially crafted message, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.04
thunderbird - 17.0.6+build1-0ubuntu0.13.04.1
Ubuntu 12.10
thunderbird - 17.0.6+build1-0ubuntu0.12.10.1
Ubuntu 12.04 LTS
thunderbird - 17.0.6+build1-0ubuntu0.12.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started