Referenced CVEs:
CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070
Description:
=========================================================== Ubuntu Security Notice USN-647-1 September 26, 2008mozilla-thunderbird, thunderbird vulnerabilitiesCVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064,CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068,CVE-2008-4070===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.04Ubuntu 7.10Ubuntu 8.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: mozilla-thunderbird 1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1Ubuntu 7.04: mozilla-thunderbird 1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1Ubuntu 7.10: thunderbird 2.0.0.17+nobinonly-0ubuntu0.7.10.1Ubuntu 8.04 LTS: thunderbird 2.0.0.17+nobinonly-0ubuntu0.8.04.1After a standard system upgrade you need to restart Thunderbird toeffect the necessary changes.Details follow:It was discovered that the same-origin check in Thunderbird couldbe bypassed. If a user had JavaScript enabled and were tricked intoopening a malicious website, an attacker may be able to executeJavaScript in the context of a different website. (CVE-2008-3835)Several problems were discovered in the browser engine ofThunderbird. If a user had JavaScript enabled, this could allow anattacker to execute code with chrome privileges. (CVE-2008-4058,CVE-2008-4059, CVE-2008-4060)Drew Yao, David Maciejak and other Mozilla developers found severalproblems in the browser engine of Thunderbird. If a user hadJavaScript enabled and were tricked into opening a malicious webpage, an attacker could cause a denial of service or possiblyexecute arbitrary code with the privileges of the user invoking theprogram. (CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)Dave Reed discovered a flaw in the JavaScript parsing code whenprocessing certain BOM characters. An attacker could exploit thisto bypass script filters and perform cross-site scripting attacksif a user had JavaScript enabled. (CVE-2008-4065)Gareth Heyes discovered a flaw in the HTML parser of Thunderbird. Ifa user had JavaScript enabled and were tricked into opening amalicious web page, an attacker could bypass script filtering andperform cross-site scripting attacks. (CVE-2008-4066)Boris Zbarsky and Georgi Guninski independently discovered flaws inthe resource: protocol. An attacker could exploit this to performdirectory traversal, read information about the system, and promptthe user to save information in a file. (CVE-2008-4067,CVE-2008-4068)Georgi Guninski discovered that Thunderbird improperly handledcancelled newsgroup messages. If a user opened a crafted newsgroupmessage, an attacker could cause a buffer overrun and potentiallyexecute arbitrary code with the privileges of the user invoking theprogram. (CVE-2008-4070)
More...
