Ubuntu 10.04 LTS : thunderbird vulnerabilities (USN-943-1)

Ubuntu Security Notice (C) 2010-2014 Canonical, Inc. / NASL script (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Martin Barbella discovered an integer overflow in an XSLT node sorting
routine. An attacker could exploit this to overflow a buffer and cause
a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2010-1199)

An integer overflow was discovered in Thunderbird. If a user were
tricked into viewing malicious content, an attacker could overflow a
buffer and cause a denial of service or possibly execute arbitrary
code with the privileges of the user invoking the program.
(CVE-2010-1196)

Several flaws were discovered in the browser engine of Thunderbird. If
a user were tricked into viewing a malicious site, a remote attacker
could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-1200,
CVE-2010-1201, CVE-2010-1202, CVE-2010-1203)

It was discovered that Thunderbird could be made to access freed
memory. If a user were tricked into viewing a malicious site, a remote
attacker could cause a denial of service or possibly execute arbitrary
code with the privileges of the user invoking the program.
(CVE-2010-1121)

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 47618

Bugtraq ID: 38952, 41082, 41087, 41090, 41093, 41094, 41099

CVE ID: CVE-2010-1121, CVE-2010-1196, CVE-2010-1199, CVE-2010-1200,
CVE-2010-1201, CVE-2010-1202, CVE-2010-1203