USN-3278-1: Thunderbird vulnerabilities

Ubuntu Security Notice USN-3278-1

16th May, 2017

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software description

  • thunderbird
    – Mozilla Open Source mail and newsgroup client

Details

Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to read uninitialized memory, cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5429,
CVE-2017-5430, CVE-2017-5436, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445,
CVE-2017-5446, CVE-2017-5447, CVE-2017-5461, CVE-2017-5467)

Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to spoof the addressbar
contents, conduct cross-site scripting (XSS) attacks, cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5432,
CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5437, CVE-2017-5438,
CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5449,
CVE-2017-5451, CVE-2017-5454, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464,
CVE-2017-5465, CVE-2017-5466, CVE-2017-5469, CVE-2017-10195,
CVE-2017-10196, CVE-2017-10197)

A flaw was discovered in the DRBG number generation in NSS. If an
attacker were able to perform a man-in-the-middle attack, this flaw
could potentially be exploited to view sensitive information.
(CVE-2017-5462)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 17.04:
thunderbird

1:52.1.1+build1-0ubuntu0.17.04.1
Ubuntu 16.10:
thunderbird

1:52.1.1+build1-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
thunderbird

1:52.1.1+build1-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
thunderbird

1:52.1.1+build1-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2017-10195,

CVE-2017-10196,

CVE-2017-10197,

CVE-2017-5429,

CVE-2017-5430,

CVE-2017-5432,

CVE-2017-5433,

CVE-2017-5434,

CVE-2017-5435,

CVE-2017-5436,

CVE-2017-5437,

CVE-2017-5438,

CVE-2017-5439,

CVE-2017-5440,

CVE-2017-5441,

CVE-2017-5442,

CVE-2017-5443,

CVE-2017-5444,

CVE-2017-5445,

CVE-2017-5446,

CVE-2017-5447,

CVE-2017-5449,

CVE-2017-5451,

CVE-2017-5454,

CVE-2017-5459,

CVE-2017-5460,

CVE-2017-5461,

CVE-2017-5462,

CVE-2017-5464,

CVE-2017-5465,

CVE-2017-5466,

CVE-2017-5467,

CVE-2017-5469


Source From: ubuntu.com.
Original article title: USN-3278-1: Thunderbird vulnerabilities.
This full article can be read at: USN-3278-1: Thunderbird vulnerabilities.

Advertisement


Random Article You May Like

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*