Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1681-2)

Ubuntu Security Notice (C) 2013-2014 Canonical, Inc. / NASL script (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

USN-1681-1 fixed vulnerabilities in Firefox. This update provides the
corresponding updates for Thunderbird.

Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa,
Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse
Ruderman, and Julian Seward discovered multiple memory safety issues
affecting Firefox. If the user were tricked into opening a specially
crafted page, an attacker could possibly exploit these to cause a
denial of service via application crash, or potentially execute code
with the privileges of the user invoking Firefox. (CVE-2013-0769,
CVE-2013-0749, CVE-2013-0770)

Abhishek Arya discovered several user-after-free and buffer
overflows in Firefox. An attacker could exploit these to
cause a denial of service via application crash, or
potentially execute code with the privileges of the user
invoking Firefox. (CVE-2013-0760, CVE-2013-0761,
CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767,
CVE-2013-0771, CVE-2012-5829)

A stack buffer was discovered in Firefox. If the user were
tricked into opening a specially crafted page, an attacker
could possibly exploit this to cause a denial of service via
application crash, or potentially execute code with the
privileges of the user invoking Firefox. (CVE-2013-0768)

Masato Kinugawa discovered that Firefox did not always
properly display URL values in the address bar. A remote
attacker could exploit this to conduct URL spoofing and
phishing attacks. (CVE-2013-0759)

Atte Kettunen discovered that Firefox did not properly
handle HTML tables with a large number of columns and column
groups. If the user were tricked into opening a specially
crafted page, an attacker could exploit this to cause a
denial of service via application crash, or potentially
execute code with the privileges of the user invoking
Firefox. (CVE-2013-0744)

Jerry Baker discovered that Firefox did not always properly
handle threading when performing downloads over SSL
connections. An attacker could exploit this to cause a
denial of service via application crash. (CVE-2013-0764)

Olli Pettay and Boris Zbarsky discovered flaws in the
Javacript engine of Firefox. An attacker could cause a
denial of service via application crash, or potentially
execute code with the privileges of the user invoking
Firefox. (CVE-2013-0745, CVE-2013-0746)

Jesse Ruderman discovered a flaw in the way Firefox handled
plugins. If a user were tricked into opening a specially
crafted page, a remote attacker could exploit this to bypass
security protections to conduct clickjacking attacks.
(CVE-2013-0747)

Jesse Ruderman discovered an information leak in Firefox. An
attacker could exploit this to reveal memory address layout
which could help in bypassing ASLR protections.
(CVE-2013-0748)

An integer overflow was discovered in the JavaScript engine,
leading to a heap-based buffer overflow. If the user were
tricked into opening a specially crafted page, an attacker
could possibly exploit this to execute code with the
privileges of the user invoking Firefox. (CVE-2013-0750)

Sviatoslav Chagaev discovered that Firefox did not properly
handle XBL files with multiple XML bindings with SVG
content. An attacker could cause a denial of service via
application crash, or potentially execute code with the
privileges of the user invoking Firefox. (CVE-2013-0752)

Mariusz Mlynski discovered two flaws to gain access to
privileged chrome functions. An attacker could possibly
exploit this to execute code with the privileges of the user
invoking Firefox. (CVE-2013-0757, CVE-2013-0758)

Several use-after-free issues were discovered in Firefox. If
the user were tricked into opening a specially crafted page,
an attacker could possibly exploit this to execute code with
the privileges of the user invoking Firefox. (CVE-2013-0753,
CVE-2013-0754, CVE-2013-0755, CVE-2013-0756)

Two intermediate CA certificates were mis-issued by the
TURKTRUST certificate authority. If a remote attacker were
able to perform a man-in-the-middle attack, this flaw could
be exploited to view sensitive information. (CVE-2013-0743).

Solution :

Update the affected thunderbird package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true