drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Mozilla Thunderbird
Name: |
Mehrere Probleme in Mozilla Thunderbird |
|
ID: |
USN-1791-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 11.10, Ubuntu 12.04 LTS, Ubuntu 12.10 |
|
Datum: |
Mo, 8. April 2013, 18:02 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800 |
|
Applikationen: |
Mozilla Thunderbird |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============5240497696898933723== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="----enig2MBGIODXONDFDLSCFDDPX"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) ------enig2MBGIODXONDFDLSCFDDPX Content-Type: text/plain; charset=ISO-8859- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1791-1 April 08, 2013
thunderbird vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Thunderbird.
Software Description: - thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic and Joe Drew discovered multiple memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2013-0788)
Ambroz Bizjak discovered an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding certain certificates. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2013-0791)
Mariusz Mlynski discovered that timed history navigations could be used to load arbitrary websites with the wrong URL displayed in the addressbar. An attacker could exploit this to conduct cross-site scripting (XSS) or phishing attacks if scripting were enabled. (CVE-2013-0793)
Cody Crews discovered that the cloneNode method could be used to bypass System Only Wrappers (SOW) to clone a protected node and bypass same-origin policy checks. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Thunderbird. (CVE-2013-0795)
A crash in WebGL rendering was discovered in Thunderbird. An attacker could potentially exploit this to execute code with the privileges of the user invoking Thunderbird if scripting were enabled. This issue only affects users with Intel graphics drivers. (CVE-2013-0796)
Abhishek Arya discovered an out-of-bounds write in the Cairo graphics library. An attacker could potentially exploit this to execute code with the privileges of the user invoking Thunderbird. (CVE-2013-0800)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: thunderbird 17.0.5+build1-0ubuntu0.12.10.1
Ubuntu 12.04 LTS: thunderbird 17.0.5+build1-0ubuntu0.12.04.1
Ubuntu 11.10: thunderbird 17.0.5+build1-0ubuntu0.11.10.1
Ubuntu 10.04 LTS: thunderbird 17.0.5+build1-0ubuntu0.10.04.1
After a standard system update you need to restart Thunderbird to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1791-1 CVE-2013-0788, CVE-2013-0791, CVE-2013-0793, CVE-2013-0795, CVE-2013-0796, CVE-2013-0800, https://launchpad.net/bugs/1162043
Package Information: https://launchpad.net/ubuntu/+source/thunderbird/17.0.5+build1-0ubuntu0.12.10.1 https://launchpad.net/ubuntu/+source/thunderbird/17.0.5+build1-0ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/thunderbird/17.0.5+build1-0ubuntu0.11.10.1 https://launchpad.net/ubuntu/+source/thunderbird/17.0.5+build1-0ubuntu0.10.04.1
------enig2MBGIODXONDFDLSCFDDPX Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Thunderbird-Trunk - http://www.enigmail.net/
iQEcBAEBAgAGBQJRYseMAAoJEGEfvezVlG4PXuAH/RtpRTrn93jSHH0ivMqwwMgt wHY6onLoHND0W2h2woa4vKXh5HAvZ8Hn+eOn2zJttaX1R0e1fFYuKI0on77F4aA5 +jNEl5niGjN9uyYWp01CDlUX4IvGzbBAauO84khoLtCdaZRRuAm/drDzUjU9epYQ 7K+/X0EMfE3Wa9uSCMQ66MSb45vmCd6XkwtaOife3Ro0IiND3395qxLJz0QsEdn/ 5hgsKb+XvEjOw3mvx5oelJjdxLA/9lR4CfRm4pmEk0CjqA2fgz0CDeWtLndM54yg dklHvwolfW0rdpnHFPxAYAlEDchs1vCpLY9dwkpL4ynmZQ6bqa+YwJPWJ6euH5Q= =M9kE -----END PGP SIGNATURE-----
------enig2MBGIODXONDFDLSCFDDPX--
--===============5240497696898933723== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5240497696898933723==--
|
|
|
|