Ubuntu 12.04 LTS / 12.10 / 13.10 / 14.04 : thunderbird vulnerabilities (USN-2189-1)

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij,
Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple
memory safety issues in Thunderbird. If a user were tricked in to
opening a specially crafted message with scripting enabled, an
attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges
of the user invoking Thunderbird. (CVE-2014-1518)

Abhishek Arya discovered an out of bounds read when decoding JPG
images. An attacker could potentially exploit this to cause a denial
of service via application crash. (CVE-2014-1523)

Abhishek Arya discovered a buffer overflow when a script uses a
non-XBL object as an XBL object. If a user had enabled scripting, an
attacker could potentially exploit this to execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2014-1524)

Mariusz Mlynski discovered that sites with notification permissions
can run script in a privileged context in some circumstances. If a
user had enabled scripting, an attacker could exploit this to execute
arbitrary code with the privileges of the user invoking Thunderbird.
(CVE-2014-1529)

It was discovered that browser history navigations could be used to
load a site with the addressbar displaying the wrong address. If a
user had enabled scripting, an attacker could potentially exploit this
to conduct cross-site scripting or phishing attacks. (CVE-2014-1530)

A use-after-free was discovered when resizing images in some
circumstances. If a user had enabled scripting, an attacker could
potentially exploit this to cause a denial of service via application
crash or execute arbitrary code with the privileges of the user
invoking Thunderbird. (CVE-2014-1531)

Tyson Smith and Jesse Schwartzentruber discovered a use-after-free
during host resolution in some circumstances. An attacker could
potentially exploit this to cause a denial of service via application
crash or execute arbitrary code with the privileges of the user
invoking Thunderbird. (CVE-2014-1532).

Solution :

Update the affected thunderbird package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 73803 ()

Bugtraq ID: 67123
67129
67130
67131
67134
67135
67137

CVE ID: CVE-2014-1518
CVE-2014-1523
CVE-2014-1524
CVE-2014-1529
CVE-2014-1530
CVE-2014-1531
CVE-2014-1532