Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1611-1)

Ubuntu Security Notice (C) 2012-2013 Canonical, Inc. / NASL script (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and
others discovered several memory corruption flaws in Thunderbird. If a
user were tricked into opening a malicious website and had JavaScript
enabled, an attacker could exploit these to execute arbitrary
JavaScript code within the context of another website or arbitrary
code as the user invoking the program. (CVE-2012-3982, CVE-2012-3983,
CVE-2012-3988, CVE-2012-3989, CVE-2012-4191)

David Bloom and Jordi Chancel discovered that Thunderbird did not
always properly handle the <select> element. If a user were tricked
into opening a malicious website and had JavaScript enabled, a remote
attacker could exploit this to conduct URL spoofing and clickjacking
attacks. (CVE-2012-3984)

Collin Jackson discovered that Thunderbird did not properly follow the
HTML5 specification for document.domain behavior. If a user were
tricked into opening a malicious website and had JavaScript enabled, a
remote attacker could exploit this to conduct cross-site scripting
(XSS) attacks via JavaScript execution. (CVE-2012-3985)

Johnny Stenback discovered that Thunderbird did not properly perform
security checks on test methods for DOMWindowUtils. (CVE-2012-3986)

Alice White discovered that the security checks for GetProperty could
be bypassed when using JSAPI. If a user were tricked into opening a
specially crafted web page and had JavaScript enabled, a remote
attacker could exploit this to execute arbitrary code as the user
invoking the program. (CVE-2012-3991)

Mariusz Mlynski discovered a history state error in Thunderbird. If a
user were tricked into opening a malicious website and had JavaScript
enabled, a remote attacker could exploit this to spoof the location
property to inject script or intercept posted data. (CVE-2012-3992)

Mariusz Mlynski and others discovered several flaws in Thunderbird
that allowed a remote attacker to conduct cross-site scripting (XSS)
attacks. With cross-site scripting vulnerabilities, if a user were
tricked into viewing a specially crafted page and had JavaScript
enabled, a remote attacker could exploit these to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-3993,
CVE-2012-3994, CVE-2012-4184)

Abhishek Arya, Atte Kettunen and others discovered several memory
flaws in Thunderbird when using the Address Sanitizer tool. If a user
were tricked into opening a malicious website and had JavaScript
enabled, an attacker could exploit these to execute arbitrary
JavaScript code within the context of another website or execute
arbitrary code as the user invoking the program. (CVE-2012-3990,
CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181,
CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,
CVE-2012-4187, CVE-2012-4188)

It was discovered that Thunderbird allowed improper access to the
Location object. An attacker could exploit this to obtain sensitive
information. Under certain circumstances, a remote attacker could use
this vulnerability to potentially execute arbitrary code as the user
invoking the program. (CVE-2012-4192, CVE-2012-4193).

Solution :

Update the affected thunderbird package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true