Submitted by JamesStrandboge on Tue, 2008-05-06 19:25
Referenced CVEs:
CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237
Description:
===========================================================
Ubuntu Security Notice USN-605-1 May 06, 2008
mozilla-thunderbird, thunderbird vulnerabilities
CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236,
CVE-2008-1237
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mozilla-thunderbird 1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.6.06.1

Ubuntu 7.04:
  mozilla-thunderbird 1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.7.04.1

Ubuntu 7.10:
  thunderbird 2.0.0.14+nobinonly-0ubuntu0.7.10.0

Ubuntu 8.04 LTS:
  thunderbird 2.0.0.14+nobinonly-0ubuntu0.8.04.1

After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.

Details follow:

Various flaws were discovered in the JavaScript engine. If a user had
JavaScript enabled and were tricked into opening a malicious email,
an attacker could escalate privileges within Thunderbird, perform
cross-site scripting attacks and/or execute arbitrary code with the
user's privileges. (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)

Several problems were discovered in Thunderbird which could lead to
crashes and memory corruption. If a user had JavaScript enabled and
were tricked into opening a malicious email, an attacker may be able
to execute arbitrary code with the user's privileges. (CVE-2008-1236,
CVE-2008-1237)


