what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-2151-1

Posted Mar 21, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2151-1 - Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Atte Kettunen discovered an out-of-bounds read during WAV file decoding. If a user had enabled audio, an attacker could potentially exploit this to cause a denial of service via application crash. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2014-1493, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514

SHA-256 | b9c5d05796f3964f78637e76f8a8bd653489461cb18c7c6f49a37f26b22188a3

Download | Favorite | View

Related Files

No related files