Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1791-1)

Ubuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan
Sreckovic and Joe Drew discovered multiple memory safety issues
affecting Thunderbird. If the user were tricked into opening a
specially crafted message with scripting enabled, an attacker could
possibly exploit these to cause a denial of service via application
crash, or potentially execute code with the privileges of the user
invoking Thunderbird. (CVE-2013-0788)

Ambroz Bizjak discovered an out-of-bounds array read in the
CERT_DecodeCertPackage function of the Network Security Services (NSS)
libary when decoding certain certificates. An attacker could
potentially exploit this to cause a denial of service via application
crash. (CVE-2013-0791)

Mariusz Mlynski discovered that timed history navigations could be
used to load arbitrary websites with the wrong URL displayed in the
addressbar. An attacker could exploit this to conduct cross-site
scripting (XSS) or phishing attacks if scripting were enabled.
(CVE-2013-0793)

Cody Crews discovered that the cloneNode method could be used to
bypass System Only Wrappers (SOW) to clone a protected node and bypass
same-origin policy checks. If a user had enabled scripting, an
attacker could potentially exploit this to steal confidential data or
execute code with the privileges of the user invoking Thunderbird.
(CVE-2013-0795)

A crash in WebGL rendering was discovered in Thunderbird. An attacker
could potentially exploit this to execute code with the privileges of
the user invoking Thunderbird if scripting were enabled. This issue
only affects users with Intel graphics drivers. (CVE-2013-0796)

Abhishek Arya discovered an out-of-bounds write in the Cairo graphics
library. An attacker could potentially exploit this to execute code
with the privileges of the user invoking Thunderbird. (CVE-2013-0800).

Solution :

Update the affected thunderbird package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 65867 ()

Bugtraq ID: 58819
58825
58826
58831
58836
58837

CVE ID: CVE-2013-0788
CVE-2013-0791
CVE-2013-0793
CVE-2013-0795
CVE-2013-0796
CVE-2013-0800