Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : thunderbird vulnerabilities (USN-2819-1)

Ubuntu Security Notice (C) 2015-2016 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris
Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and
Gary Kwong discovered multiple memory safety issues in Thunderbird. If
a user were tricked in to opening a specially crafted message, an
attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges
of the user invoking Thunderbird. (CVE-2015-4513)

Tyson Smith and David Keeler discovered a use-after-poison and buffer
overflow in NSS. An attacker could potentially exploit these to cause
a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Thunderbird. (CVE-2015-7181,
CVE-2015-7182)

Ryan Sleevi discovered an integer overflow in NSPR. An attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user
invoking Thunderbird. (CVE-2015-7183)

Michal Bentkowski discovered that adding white-space to hostnames
that are IP addresses can bypass same-origin protections. If a user
were tricked in to opening a specially crafted website in a
browser-like context, an attacker could potentially exploit this to
conduct cross-site scripting (XSS) attacks. (CVE-2015-7188)

Looben Yang discovered a buffer overflow during script interactions
with the canvas element in some circumstances. If a user were tricked
in to opening a specially crafted website in a browser-like context,
an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2015-7189)

Shinto K Anto discovered that CORS preflight is bypassed when
receiving non-standard Content-Type headers in some circumstances. If
a user were tricked in to opening a specially crafted website in a
browser-like context, an attacker could potentially exploit this to
bypass same-origin restrictions. (CVE-2015-7193)

Gustavo Grieco discovered a buffer overflow in libjar in some
circumstances. If a user were tricked in to opening a specially
crafted website in a browser-like context, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user
invoking Thunderbird. (CVE-2015-7194)

Ehsan Akhgari discovered a mechanism for a web worker to bypass secure
requirements for web sockets. If a user were tricked in to opening a
specially crafted website in a browser-like context, an attacker could
exploit this to bypass the mixed content web socket policy.
(CVE-2015-7197)

Ronald Crane discovered several vulnerabilities through
code-inspection. If a user were tricked in to opening a specially
crafted website in a browser-like context, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user
invoking Thunderbird. (CVE-2015-7198, CVE-2015-7199, CVE-2015-7200).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected thunderbird package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now