USN-2819-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-2819-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2819-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-2819-1
Upstream
Related
Published
2015-12-01T12:50:46.378120Z
Modified
2025-09-08T16:36:01Z
Summary
thunderbird vulnerabilities
Details

Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and Gary Kwong discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4513)

Tyson Smith and David Keeler discovered a use-after-poison and buffer overflow in NSS. An attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-7181, CVE-2015-7182)

Ryan Sleevi discovered an integer overflow in NSPR. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-7183)

Michał Bentkowski discovered that adding white-space to hostnames that are IP addresses can bypass same-origin protections. If a user were tricked in to opening a specially crafted website in a browser-like context, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2015-7188)

Looben Yang discovered a buffer overflow during script interactions with the canvas element in some circumstances. If a user were tricked in to opening a specially crafted website in a browser-like context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-7189)

Shinto K Anto discovered that CORS preflight is bypassed when receiving non-standard Content-Type headers in some circumstances. If a user were tricked in to opening a specially crafted website in a browser-like context, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-7193)

Gustavo Grieco discovered a buffer overflow in libjar in some circumstances. If a user were tricked in to opening a specially crafted website in a browser-like context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-7194)

Ehsan Akhgari discovered a mechanism for a web worker to bypass secure requirements for web sockets. If a user were tricked in to opening a specially crafted website in a browser-like context, an attacker could exploit this to bypass the mixed content web socket policy. (CVE-2015-7197)

Ronald Crane discovered several vulnerabilities through code-inspection. If a user were tricked in to opening a specially crafted website in a browser-like context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-7198, CVE-2015-7199, CVE-2015-7200)

References

Affected packages

Ubuntu:14.04:LTS / thunderbird

Package

Name
thunderbird
Purl
pkg:deb/ubuntu/thunderbird@1:38.4.0+build3-0ubuntu0.14.04.1?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:38.4.0+build3-0ubuntu0.14.04.1

Affected versions

1:24.*

1:24.0+build1-0ubuntu1
1:24.0+build1-0ubuntu2
1:24.1.1+build1-0ubuntu0.13.10.1
1:24.1.1+build1-0ubuntu1
1:24.2.0+build1-0ubuntu1
1:24.4.0+build1-0ubuntu1
1:24.5.0+build1-0ubuntu0.14.04.1
1:24.6.0+build1-0ubuntu0.14.04.1

1:31.*

1:31.0+build1-0ubuntu0.14.04.1
1:31.1.1+build1-0ubuntu0.14.04.1
1:31.1.2+build1-0ubuntu0.14.04.1
1:31.2.0+build2-0ubuntu0.14.04.1
1:31.3.0+build1-0ubuntu0.14.04.1
1:31.4.0+build1-0ubuntu0.14.04.1
1:31.5.0+build1-0ubuntu0.14.04.1
1:31.6.0+build1-0ubuntu0.14.04.1
1:31.7.0+build1-0ubuntu0.14.04.1
1:31.8.0+build1-0ubuntu0.14.04.1

1:38.*

1:38.2.0+build1-0ubuntu0.14.04.1
1:38.3.0+build1-0ubuntu0.14.04.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1:38.4.0+build3-0ubuntu0.14.04.1",
            "binary_name": "thunderbird"
        },
        {
            "binary_version": "1:38.4.0+build3-0ubuntu0.14.04.1",
            "binary_name": "thunderbird-dev"
        },
        {
            "binary_version": "1:38.4.0+build3-0ubuntu0.14.04.1",
            "binary_name": "thunderbird-globalmenu"
        },
        {
            "binary_version": "1:38.4.0+build3-0ubuntu0.14.04.1",
            "binary_name": "thunderbird-gnome-support"
        },
        {
            "binary_version": "1:38.4.0+build3-0ubuntu0.14.04.1",
            "binary_name": "thunderbird-mozsymbols"
        },
        {
            "binary_version": "1:38.4.0+build3-0ubuntu0.14.04.1",
            "binary_name": "thunderbird-testsuite"
        },
        {
            "binary_version": "1:38.4.0+build3-0ubuntu0.14.04.1",
            "binary_name": "xul-ext-calendar-timezones"
        },
        {
            "binary_version": "1:38.4.0+build3-0ubuntu0.14.04.1",
            "binary_name": "xul-ext-gdata-provider"
        },
        {
            "binary_version": "1:38.4.0+build3-0ubuntu0.14.04.1",
            "binary_name": "xul-ext-lightning"
        }
    ]
}