USN-2189-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-2189-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2189-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-2189-1
Related
Published
2014-04-30T22:18:45.942885Z
Modified
2014-04-30T22:18:45.942885Z
Summary
thunderbird vulnerabilities
Details

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1518)

Abhishek Arya discovered an out of bounds read when decoding JPG images. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1523)

Abhishek Arya discovered a buffer overflow when a script uses a non-XBL object as an XBL object. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1524)

Mariusz Mlynski discovered that sites with notification permissions can run script in a privileged context in some circumstances. If a user had enabled scripting, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1529)

It was discovered that browser history navigations could be used to load a site with the addressbar displaying the wrong address. If a user had enabled scripting, an attacker could potentially exploit this to conduct cross-site scripting or phishing attacks. (CVE-2014-1530)

A use-after-free was discovered when resizing images in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1531)

Tyson Smith and Jesse Schwartzentruber discovered a use-after-free during host resolution in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1532)

References

Affected packages

Ubuntu:14.04:LTS / thunderbird

Package

Name
thunderbird
Purl
pkg:deb/ubuntu/thunderbird@1:24.5.0+build1-0ubuntu0.14.04.1?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:24.5.0+build1-0ubuntu0.14.04.1

Affected versions

1:24.*

1:24.0+build1-0ubuntu1
1:24.0+build1-0ubuntu2
1:24.1.1+build1-0ubuntu0.13.10.1
1:24.1.1+build1-0ubuntu1
1:24.2.0+build1-0ubuntu1
1:24.4.0+build1-0ubuntu1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "thunderbird-locale-pt-pt": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-ka": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-gnome-support": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-nl": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-mk": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-rm": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-sq": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-sv-se": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-hr": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-sl": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-sk": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-globalmenu": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-eu": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-he": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-ga": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-es-es": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-fy-nl": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-pt-br": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "xul-ext-gdata-provider": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-gd": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-mozsymbols": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-pl": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-nb": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-gnome-support-dbg": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-dev": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-sv": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-pt": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-be": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-en-gb": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "xul-ext-lightning": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-ga-ie": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-de": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-fr": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-ko": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-nb-no": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "xul-ext-calendar-timezones": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-en-us": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-hy": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-tr": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-ro": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-zh-hans": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-uk": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-gl": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-da": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-dbg": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-ar": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-fy": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-testsuite": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-ja": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-ru": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-zh-cn": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-es-ar": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-zh-tw": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-es": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-si": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-br": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-bg": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-en": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-pa": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-cs": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-af": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-bn-bd": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-el": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-fi": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-ta-lk": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-bn": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-ca": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-sr": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-is": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-et": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-hu": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-it": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-pa-in": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-nn": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-vi": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-ast": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-ta": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-nn-no": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-lt": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-id": "1:24.5.0+build1-0ubuntu0.14.04.1",
            "thunderbird-locale-zh-hant": "1:24.5.0+build1-0ubuntu0.14.04.1"
        }
    ]
}