<<< Date Index >>>     <<< Thread Index >>>

[USN-469-1] Thunderbird vulnerabilities



=========================================================== 
Ubuntu Security Notice USN-469-1              June 05, 2007
mozilla-thunderbird vulnerabilities
CVE-2007-1558, CVE-2007-2867, CVE-2007-2868
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mozilla-thunderbird                      1.5.0.12-0ubuntu0.6.06

Ubuntu 6.10:
  mozilla-thunderbird                      1.5.0.12-0ubuntu0.6.10

Ubuntu 7.04:
  mozilla-thunderbird                      1.5.0.12-0ubuntu0.7.04

After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.

Details follow:

Gaëtan Leurent showed a weakness in APOP authentication.  An attacker
posing as a trusted server could recover portions of the user's
password via multiple authentication attempts. (CVE-2007-1558)

Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious email, an attacker could execute
arbitrary code with the user's privileges. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable
it. (CVE-2007-2867, CVE-2007-2868)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06.diff.gz
      Size/MD5:   455017 6134996c92b001015b30150c2dc1ebc9
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06.dsc
      Size/MD5:     1603 a28b5d142a6f31040ed31e9a6d6bc89f
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12.orig.tar.gz
      Size/MD5: 36087822 b4da2245a3b9e9aba57458892ccb4432

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_amd64.deb
      Size/MD5:  3536144 14ea0a1977a5320fd835fd001d67346f
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_amd64.deb
      Size/MD5:   194244 8b458963ac0651ed0cd6391eff999922
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_amd64.deb
      Size/MD5:    59492 f72ea0bdf598e970be1fc2bc4c13aca5
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_amd64.deb
      Size/MD5: 12072898 5c56a62ecebbd04b0d5800e02bb0f962

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_i386.deb
      Size/MD5:  3529200 7e19aa6138e8feed5cff6d838b6028a9
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_i386.deb
      Size/MD5:   187602 6820a2a671a38afd15a0f6a85d836e1a
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_i386.deb
      Size/MD5:    55014 7bafe57ee68339de3cd6b652b38f732e
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_i386.deb
      Size/MD5: 10348548 b9681e3ee16c04c08339ec2ef01a6c88

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_powerpc.deb
      Size/MD5:  3534496 3c48628681299abaee19fc0beba5ab78
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_powerpc.deb
      Size/MD5:   190946 fbbcce5b8063cb919394a9eb6606be14
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_powerpc.deb
      Size/MD5:    58594 feced950d4786dca229a3311d78ebd92
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_powerpc.deb
      Size/MD5: 11625662 84c92da6096228d1e9d9b88bd7b04175

  sparc architecture (Sun SPARC/UltraSPARC)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_sparc.deb
      Size/MD5:  3531010 bcc28364913ee9a39fcbe927c18c63b6
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_sparc.deb
      Size/MD5:   188396 269be710a7fba93ef6b097b2b9fff9db
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_sparc.deb
      Size/MD5:    56508 53c80fc5eee71c35c5ac6bd02d378d88
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_sparc.deb
      Size/MD5: 10819654 ef89c7e36efdb96ac78708d29d8549b9

Updated packages for Ubuntu 6.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10.diff.gz
      Size/MD5:   455848 d0c748328245e197cae6535eb8f432ef
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10.dsc
      Size/MD5:     1601 bd27533176397a9e5dfbf7f78bc0663e
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12.orig.tar.gz
      Size/MD5: 36087822 b4da2245a3b9e9aba57458892ccb4432

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_amd64.deb
      Size/MD5:  3535944 23d30ebe5ef94e613e7967b1db8ef31b
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_amd64.deb
      Size/MD5:   194370 45be8ffeacd6effc2f9dc7760c95872b
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_amd64.deb
      Size/MD5:    59488 332a5fc9ba7aaee2f415f8b7d48df4d3
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_amd64.deb
      Size/MD5: 12069218 a95212832d428490b423c3f1f4d8fb6f

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_i386.deb
      Size/MD5:  3532554 c3e7b0d29512c4fcdeb4c44d2cf254ee
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_i386.deb
      Size/MD5:   189032 1af5c94758d03e290996aabe28f4e468
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_i386.deb
      Size/MD5:    56130 b8dd5169a5c9d2e64f92a5077125e5fe
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_i386.deb
      Size/MD5: 10807154 3182256c2c4e3dcf8ce0af8c08c79b9e

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_powerpc.deb
      Size/MD5:  3534536 3f01d1dd21c6f9c4876cbe26c99b9b7a
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_powerpc.deb
      Size/MD5:   191466 d3d76899b21d9c6a00b74c59375ef410
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_powerpc.deb
      Size/MD5:    59150 d00037720c85c34f71289eb5e38495e6
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_powerpc.deb
      Size/MD5: 11755910 5e4af6da8f47a49d55f79679299ca1c5

  sparc architecture (Sun SPARC/UltraSPARC)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_sparc.deb
      Size/MD5:  3531000 cfe826422c56a92146ef11cd7ac8a12b
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_sparc.deb
      Size/MD5:   188848 4749b5b3be87a3fcd12dc3d40a49a855
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_sparc.deb
      Size/MD5:    56542 da871004b8b3361955e80fde84bb6912
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_sparc.deb
      Size/MD5: 11021978 278ddf14608e203be94128d4d813c17c

Updated packages for Ubuntu 7.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04.diff.gz
      Size/MD5:   126465 cc8f051889c9b0b3e38d7209405dea69
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04.dsc
      Size/MD5:     1601 7c375b22a857fcd739595e99d69030be
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12.orig.tar.gz
      Size/MD5: 36087822 b4da2245a3b9e9aba57458892ccb4432

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_amd64.deb
      Size/MD5:  3536244 487c6c4f6eeea7b685882f7782499c1f
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_amd64.deb
      Size/MD5:   194854 1878f36a0df3331ac035cc0a7141e0e6
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_amd64.deb
      Size/MD5:    59982 10922e4c84d5d0a742d1673cfd9cb7f0
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_amd64.deb
      Size/MD5: 12164292 bb2c2e8b5ef6419e408cdaf5096367ee

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_i386.deb
      Size/MD5:  3533300 2aa267d22e69adf1952365381ee223c4
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_i386.deb
      Size/MD5:   189498 b3e5a7fd372e13926d5b0ab65e8fe78b
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_i386.deb
      Size/MD5:    56606 96e62d17f21013a3b801cbe6bbddd665
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_i386.deb
      Size/MD5: 10893370 b0c17d6fabacc7c2cf1f1ab11a603a63

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_powerpc.deb
      Size/MD5:  3537168 a7afc930e25aaca21915bda7fd27df94
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_powerpc.deb
      Size/MD5:   192978 65ec6c5bf4483df668b9a848e7d38754
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_powerpc.deb
      Size/MD5:    59968 e808d5650b3bb3e9fb8db66f64d60d91
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_powerpc.deb
      Size/MD5: 12107396 fc8addfa0baf3cf6104a65e66bf4cce6

  sparc architecture (Sun SPARC/UltraSPARC)

    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_sparc.deb
      Size/MD5:  3532440 4b4d48c1c6ec051f79023aa4ab02a38a
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_sparc.deb
      Size/MD5:   189318 d84f7d16f44ce1bf1f989a316f13f901
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_sparc.deb
      Size/MD5:    57038 ef6a777ccc9464d7c74b774c61afe3f3
    
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_sparc.deb
      Size/MD5: 11123392 f73b585d8506d5be115aa006ac2ede2a

Attachment: signature.asc
Description: Digital signature