=========================================================== Ubuntu Security Notice USN-741-1 March 19, 2009 mozilla-thunderbird, thunderbird vulnerabilities CVE-2009-0352, CVE-2009-0772, CVE-2009-0774, CVE-2009-0776 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: mozilla-thunderbird 1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1 Ubuntu 7.10: thunderbird 2.0.0.21+nobinonly-0ubuntu0.7.10.1 Ubuntu 8.04 LTS: thunderbird 2.0.0.21+nobinonly-0ubuntu0.8.04.1 Ubuntu 8.10: thunderbird 2.0.0.21+nobinonly-0ubuntu0.8.10.1 After a standard system upgrade you need to restart Thunderbird to effect the necessary changes. Details follow: Several flaws were discovered in the browser engine. If Javascript were enabled, an attacker could exploit these flaws to crash Thunderbird and possibly execute arbitrary code with user privileges. (CVE-2009-0352) Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user had Javascript enabled, these problems could allow a remote attacker to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0772, CVE-2009-0774) Georgi Guninski discovered a flaw when Thunderbird performed a cross-domain redirect. If a user had Javascript enabled, an attacker could bypass the same-origin policy in Thunderbird by utilizing nsIRDFService and steal private data from users authenticated to the redirected website. (CVE-2009-0776) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1.diff.gz Size/MD5: 457824 144d15ccf9a7e28489c3f41a8aefe443 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1.dsc Size/MD5: 1688 225f20dff306611652e1b5e0e5d360c2 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614k.orig.tar.gz Size/MD5: 38724498 65b0015f87bc747b4cf0f04dc2b7e27d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_amd64.deb Size/MD5: 3594394 5a4c8b8e31439bcc050d6c281ca60254 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_amd64.deb Size/MD5: 195084 2902df0778522658df85879f54cfac60 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_amd64.deb Size/MD5: 60322 846098744687e2bd4595cfef13ad19c7 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_amd64.deb Size/MD5: 12123246 3ae785e21196bdd1c8222a2edf573955 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_i386.deb Size/MD5: 3588464 241cccce723c15b55ce4a1401b36d80d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_i386.deb Size/MD5: 188526 d1f442802db68f5b1e5de805481c6e37 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_i386.deb Size/MD5: 55846 aab2beeb7e32cbb962e9c4a0c2a63881 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_i386.deb Size/MD5: 10392218 a5b70ef2eabd8e3181edad4a50d415dc powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_powerpc.deb Size/MD5: 3593750 f37628f7bf32eaa6e699f655b3befbf8 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_powerpc.deb Size/MD5: 191822 17a85da976cc03c494b393c0ff2bb3c4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_powerpc.deb Size/MD5: 59500 8f40936424e6e74d51ac541da51ea89b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_powerpc.deb Size/MD5: 11678748 7fb3d49ea6c5506137a6219bc52bafd9 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_sparc.deb Size/MD5: 3590326 d64a1ebdf60860d3c7fc539db0fe568f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_sparc.deb Size/MD5: 189258 80649934d69244fb24aca9fffb7cab62 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_sparc.deb Size/MD5: 57328 0c7a072ab6c187cb078c772e5f02b505 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_sparc.deb Size/MD5: 10871856 49a20809bce51fae4aa21e8f1ba927a0 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1.diff.gz Size/MD5: 125774 220e3fea6369826758a4c35918172c0f http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1.dsc Size/MD5: 2321 23dc369f38cdbd2a7eb25cf5a77f1b82 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly.orig.tar.gz Size/MD5: 37904706 37b085244fed28172a42744f16c2f105 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.7.10.1_all.deb Size/MD5: 59232 529687fb6744db8b8211eaca95c0d57c http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1_all.deb Size/MD5: 59218 a0b74e6067af1602fec9851ae8bc6fd9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.7.10.1_amd64.deb Size/MD5: 3782668 10119ceeeab5fa6c1a080eb3688bbffa http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.7.10.1_amd64.deb Size/MD5: 85390 423affc0fcc0607909a7d91b27bbb43b http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1_amd64.deb Size/MD5: 12429022 b34c5f45229f665387112324d5927463 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.7.10.1_i386.deb Size/MD5: 4001090 7be3c415ca8f823d5bd3068c6da1f493 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.7.10.1_i386.deb Size/MD5: 80246 57aa46088dfa3c0c3505182cdc5195fb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1_i386.deb Size/MD5: 11026334 eb1d1e71c07071b0a5b69b404e3a1d1e lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.7.10.1_lpia.deb Size/MD5: 3767712 1d0fc779f4f9fc6ce151e83e343fe7f1 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.7.10.1_lpia.deb Size/MD5: 80458 e91be09dcbab0502902a9ffe79cc920a http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1_lpia.deb Size/MD5: 10837588 ab9f35953207e1ca2c38e6ae0fb1fb18 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.7.10.1_powerpc.deb Size/MD5: 3786732 a3f7f69db0eba57fb0e5eae419d9c9e2 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.7.10.1_powerpc.deb Size/MD5: 83786 b2e5e838dfcc98818b12236a62c9e531 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1_powerpc.deb Size/MD5: 12272394 f91f7c4b6ada5298972b6f3f8ee8ddc0 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.7.10.1_sparc.deb Size/MD5: 3768028 fada7feaa42bbb99917a3d0a76adf4c8 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.7.10.1_sparc.deb Size/MD5: 80158 83fc5a17e6b15270097cdd3c81f2a4d3 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1_sparc.deb Size/MD5: 11265358 e3630ccbcabd9b8437e8aa3eff46e77c Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1.diff.gz Size/MD5: 129331 b6c40e9e7f4868829ef64ca0feed2f04 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1.dsc Size/MD5: 2319 8cab7e706371e4fd4fb7050a146ded64 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly.orig.tar.gz Size/MD5: 37904706 37b085244fed28172a42744f16c2f105 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 60532 9a7544291d592387b1b1b5301f77f740 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 60520 b389198436a712fbb96ddd7ed6f6c1a4 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.04.1_amd64.deb Size/MD5: 3783654 837816a7a8b527be51d46e1d434c9a47 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.04.1_amd64.deb Size/MD5: 85412 e76d5ad55d1866dcea849c05dbce4471 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1_amd64.deb Size/MD5: 12410314 d7d829a49129462f1cf95a59242bf056 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.04.1_i386.deb Size/MD5: 3770490 e89b5595146a414265c8725492bc7bb8 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.04.1_i386.deb Size/MD5: 80818 b46cffa37ed38bf1932af4da73012b8a http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1_i386.deb Size/MD5: 10982186 c1dfe6e42c118517ad5e684112d97ec0 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.04.1_lpia.deb Size/MD5: 3768194 7bb50ae78ccf6de6e3b017ac80bd2993 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.04.1_lpia.deb Size/MD5: 80558 6f2c57cb545705ec7dcd11f6575235e4 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1_lpia.deb Size/MD5: 10828284 473a4f1e04e87f4f095d54dbae1199d0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 3787486 940382362442149412f1f2cc3410c280 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 83810 a521a98522fd1cbf799c3bead1dccfa3 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 12254512 1ad70557833ee5fee0d823754d36daa4 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.04.1_sparc.deb Size/MD5: 3768708 f2ef9618b5402c3d6add76f4710de730 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.04.1_sparc.deb Size/MD5: 80260 5941e85bde6f1ba7eb87af5b970b576e http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1_sparc.deb Size/MD5: 11255102 91126d6bed2f581bf6428f1452a3d6d5 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1.diff.gz Size/MD5: 130128 489090af195632bc0f5b2da9ef03135c http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1.dsc Size/MD5: 2301 b95fa0c819729304e7e4e1914d28248c http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly.orig.tar.gz Size/MD5: 37904706 37b085244fed28172a42744f16c2f105 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 60834 b2e8e124904e847f8e9ae20fc76ec2be http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 60822 2f3c9e2df78c69dc4cae8f1e45b888f2 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.10.1_amd64.deb Size/MD5: 3737130 e886530814cd6e4328a2f36d491d6282 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.10.1_amd64.deb Size/MD5: 85576 7b1e37578dfcc61c337eabef0b0b042f http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1_amd64.deb Size/MD5: 12437796 b670f40d4cda06dd244f958a6c3017c3 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.10.1_i386.deb Size/MD5: 3721708 f82aebb9b58c9cb3e2febf68dd151ad7 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.10.1_i386.deb Size/MD5: 81176 63ad7320a9cab551fc55b5c3b4bcdadf http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1_i386.deb Size/MD5: 11042916 e5cc62bcae7bc3088b3c4441a4aac2f9 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.10.1_lpia.deb Size/MD5: 3718244 fd44cb9fe294e7a8a0074d79048e4c72 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.10.1_lpia.deb Size/MD5: 80862 c59d3623c493ae256791e7d01a413c20 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1_lpia.deb Size/MD5: 10863820 524cf7ddfce3a84e4ead000a6d709aeb powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 3736116 9772c5a74c2e54000edd941722c727b6 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 84050 72e9368d17ec2c3e6ecd7f3967e84434 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 12216224 a8228436f52aa5de5eebeec57f4c28e9 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.10.1_sparc.deb Size/MD5: 3724256 fecbfa0b07e847da2002c70eb39733b7 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.10.1_sparc.deb Size/MD5: 80888 c125eac7b058bbc56d65b08d3efd0941 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1_sparc.deb Size/MD5: 11191468 dcc75b07a98e5b31a3df9d52eaf3bbf8