Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges ofthe user invoking Thunderbird. (CVE-2015-4473)
Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4487, CVE-2015-4488, CVE-2015-4489)
Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Thunderbird. (CVE-2015-4491)
{ "binaries": [ { "binary_version": "1:38.2.0+build1-0ubuntu0.14.04.1", "binary_name": "thunderbird" }, { "binary_version": "1:38.2.0+build1-0ubuntu0.14.04.1", "binary_name": "thunderbird-dev" }, { "binary_version": "1:38.2.0+build1-0ubuntu0.14.04.1", "binary_name": "thunderbird-globalmenu" }, { "binary_version": "1:38.2.0+build1-0ubuntu0.14.04.1", "binary_name": "thunderbird-gnome-support" }, { "binary_version": "1:38.2.0+build1-0ubuntu0.14.04.1", "binary_name": "thunderbird-mozsymbols" }, { "binary_version": "1:38.2.0+build1-0ubuntu0.14.04.1", "binary_name": "thunderbird-testsuite" }, { "binary_version": "1:38.2.0+build1-0ubuntu0.14.04.1", "binary_name": "xul-ext-calendar-timezones" }, { "binary_version": "1:38.2.0+build1-0ubuntu0.14.04.1", "binary_name": "xul-ext-gdata-provider" }, { "binary_version": "1:38.2.0+build1-0ubuntu0.14.04.1", "binary_name": "xul-ext-lightning" } ], "availability": "No subscription required" }