Ubuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2151-1)

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman,
Dan Gohman and Christoph Diehl discovered multiple memory safety
issues in Thunderbird. If a user were tricked in to opening a
specially crafted message with scripting enabled, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user
invoking Thunderbird. (CVE-2014-1493)

Atte Kettunen discovered an out-of-bounds read during WAV file
decoding. If a user had enabled audio, an attacker could potentially
exploit this to cause a denial of service via application crash.
(CVE-2014-1497)

Robert O'Callahan discovered a mechanism for timing attacks involving
SVG filters and displacements input to feDisplacementMap. If a user
had enabled scripting, an attacker could potentially exploit this to
steal confidential information across domains. (CVE-2014-1505)

Tyson Smith and Jesse Schwartzentruber discovered an out-of-bounds
read during polygon rendering in MathML. If a user had enabled
scripting, an attacker could potentially exploit this to steal
confidential information across domains. (CVE-2014-1508)

John Thomson discovered a memory corruption bug in the Cairo graphics
library. If a user had a malicious extension installed, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of
the user invoking Thunderbird. (CVE-2014-1509)

Mariusz Mlynski discovered that web content could open a chrome
privileged page and bypass the popup blocker in some circumstances. If
a user had enabled scripting, an attacker could potentially exploit
this to execute arbitrary code with the privileges of the user
invoking Thunderbird. (CVE-2014-1510, CVE-2014-1511)

It was discovered that memory pressure during garbage collection
resulted in memory corruption in some circumstances. If a user had
enabled scripting, an attacker could potentially exploit this to cause
a denial of service via application crash or execute arbitrary code
with the privileges of the user invoking Thunderbird. (CVE-2014-1512)

Jüri Aedla discovered out-of-bounds reads and writes with
TypedArrayObject in some circumstances. If a user had enabled
scripting, an attacker could potentially exploit this to cause a
denial of service via application crash or execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2014-1513)

George Hotz discovered an out-of-bounds write with TypedArrayObject.
If a user had enabled scripting, an attacker could potentially exploit
this to cause a denial of service via application crash or execute
arbitrary code with the privileges of the user invoking Thunderbird.
(CVE-2014-1514).

Solution :

Update the affected thunderbird package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true