Ubuntu.com/usn: Referenced CVEs:
CVE-2010-2760, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169


Description:
===========================================================Ubuntu Security Notice USN-978-1 September 08, 2010thunderbird vulnerabilitiesCVE-2010-2760, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765,CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769,CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169===========================================================A security issue affects the following Ubuntu releases:Ubuntu 10.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 10.04 LTS: thunderbird 3.0.7+build1+nobinonly-0ubuntu0.10.04.1After a standard system update you need to restart Thunderbird to makeall the necessary changes.Details follow:Several dangling pointer vulnerabilities were discovered in Thunderbird. Anattacker could exploit this to crash Thunderbird or possibly run arbitrarycode as the user invoking the program. (CVE-2010-2760, CVE-2010-2767,CVE-2010-3167)It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapperdid not always honor the same-origin policy. If JavaScript was enabled, anattacker could exploit this to run untrusted JavaScript from other domains.(CVE-2010-2763)Matt Haggard discovered that Thunderbird did not honor same-origin policywhen processing the statusText property of an XMLHttpRequest object. If auser were tricked into viewing a malicious site, a remote attacker coulduse this to gather information about servers on internal private networks.(CVE-2010-2764)Chris Rohlf discovered an integer overflow when Thunderbird processed theHTML frameset element. If a user were tricked into viewing a malicioussite, a remote attacker could use this to crash Thunderbird or possibly runarbitrary code as the user invoking the program. (CVE-2010-2765)Several issues were discovered in the browser engine. If a user weretricked into viewing a malicious site, a remote attacker could use this tocrash Thunderbird or possibly run arbitrary code as the user invoking theprogram. (CVE-2010-2766, CVE-2010-3168)David Huang and Collin Jackson discovered that the tag couldoverride the charset of a framed HTML document in another origin. Anattacker could utilize this to perform cross-site scripting attacks.(CVE-2010-2768)Paul Stone discovered that with designMode enabled an HTML selectioncontaining JavaScript could be copied and pasted into a document and havethe JavaScript execute within the context of the site where the code wasdropped. If JavaScript was enabled, an attacker could utilize this toperform cross-site scripting attacks. (CVE-2010-2769)A buffer overflow was discovered in Thunderbird when processing text runs.If a user were tricked into viewing a malicious site, a remote attackercould use this to crash Thunderbird or possibly run arbitrary code as theuser invoking the program. (CVE-2010-3166)Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, JeffWalden, Gary Kwong and Olli Pettay discovered several flaws in thebrowser engine. If a user were tricked into viewing a malicious site, aremote attacker could use this to crash Thunderbird or possibly runarbitrary code as the user invoking the program. (CVE-2010-3169)





More...