Date: 2017-09-15

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

From: Chris Coulson <chris.coulson@canonical.com>

Reply-To: Ubuntu Security <security@ubuntu.com>

To: ubuntu-security-announce@lists.ubuntu.com

Message-ID: <5febe46f-0eb1-a87f-d9fb-31c81de18485@canonical.com>

Subject: [USN-3416-1] Thunderbird vulnerabilities



==========================================================================

Ubuntu Security Notice USN-3416-1

September 14, 2017



thunderbird vulnerabilities

==========================================================================



A security issue affects these releases of Ubuntu and its derivatives:



- Ubuntu 17.04

- Ubuntu 16.04 LTS

- Ubuntu 14.04 LTS



Summary:



Several security issues were fixed in Thunderbird.



Software Description:

- thunderbird: Mozilla Open Source mail and newsgroup client



Details:



Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to bypass same-origin
restrictions, bypass CSP restrictions, obtain sensitive information, spoof
the origin of modal alerts, cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-7753, CVE-2017-7779,
CVE-2017-7784, CVE-2017-7785, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792,
CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7807,
CVE-2017-7809)



A buffer overflow was discovered when displaying SVG content in some
circumstances. If a user were tricked into opening a specially crafted
message, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-7786)



Update instructions:



The problem can be corrected by updating your system to the following
package versions:



Ubuntu 17.04:

thunderbird 1:52.3.0+build1-0ubuntu0.17.04.1



Ubuntu 16.04 LTS:

thunderbird 1:52.3.0+build1-0ubuntu0.16.04.1



Ubuntu 14.04 LTS:

thunderbird 1:52.3.0+build1-0ubuntu0.14.04.1



After a standard system update you need to restart Thunderbird to make
all the necessary changes.
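
The following is an added example, not part of the Ubuntu notice: a Python check of a package inventory against the fixed versions listed above, using a small reimplementation of dpkg's version ordering so it can run where dpkg is not installed. The inventory, host names and function names are constructed for illustration.

```python
import re

# Fixed versions from the "Update instructions" section of this notice.
FIXED = {r: f"1:52.3.0+build1-0ubuntu0.{r}.1" for r in ("17.04", "16.04", "14.04")}

def _order(c):
    # dpkg character weights: digit or end = 0, "~" first, letters before symbols.
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings using dpkg's ordering."""
    while a or b:
        # Non-digit prefix, compared character by character.
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            if _order(a[:1]) != _order(b[:1]):
                return _order(a[:1]) - _order(b[:1])
            a, b = a[1:], b[1:]
        # Digit run, compared numerically (leading zeros ignored).
        na, nb = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
        a, b = a[len(na):], b[len(nb):]
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    """Negative, zero or positive as version a is older, equal or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_update(release, installed):
    return deb_cmp(installed, FIXED[release]) < 0

# Constructed inventory: host names and installed versions are made up.
INVENTORY = [
    ("mail-01", "16.04", "1:52.2.1+build1-0ubuntu0.16.04.1"),
    ("mail-02", "16.04", "1:52.3.0+build1-0ubuntu0.16.04.1"),
    ("desk-07", "14.04", "1:45.8.0+build1-0ubuntu0.14.04.1"),
    ("desk-09", "17.04", "1:52.4.0+build1-0ubuntu0.17.04.2"),
]

def vulnerable_hosts(inventory):
    return [host for host, rel, ver in inventory if needs_update(rel, ver)]
```

On an Ubuntu host itself, `dpkg --compare-versions <installed> lt <fixed>` gives the same answer for a single package.
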



References:

https://www.ubuntu.com/usn/usn-3416-1

CVE-2017-7753, CVE-2017-7779, CVE-2017-7784, CVE-2017-7785,
CVE-2017-7786, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792,
CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803,
CVE-2017-7807, CVE-2017-7809



Package Information:

https://launchpad.net/ubuntu/+source/thunderbird/1:52.3.0+build1-0ubuntu0.17.04.1

https://launchpad.net/ubuntu/+source/thunderbird/1:52.3.0+build1-0ubuntu0.16.04.1

https://launchpad.net/ubuntu/+source/thunderbird/1:52.3.0+build1-0ubuntu0.14.04.1







