[USN-915-1] Thunderbird vulnerabilities
Several flaws were discovered in the JavaScript engine of Thunderbird. If a
user had JavaScript enabled and were tricked into viewing malicious web
content, a remote attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-0689, CVE-2009-2463, CVE-2009-3075)

Josh Soref discovered that the BinHex decoder used in Thunderbird contained
a flaw. If a user were tricked into viewing malicious content, a remote
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2009-3072)

It was discovered that Thunderbird did not properly manage memory when
using XUL tree elements. If a user were tricked into viewing malicious
content, a remote attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-3077)

Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly
display filenames containing right-to-left (RTL) override characters. If a
user were tricked into opening a malicious file with a crafted filename, an
attacker could exploit this to trick the user into opening a different file
than the user expected. (CVE-2009-3376)

Takehiro Takahashi discovered flaws in the NTLM implementation in
Thunderbird. If an NTLM authenticated user opened content containing links
to a malicious website, a remote attacker could send requests to other
applications, authenticated as the user. (CVE-2009-3983)

Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain
messages with attachments. A remote attacker could send specially crafted
content and cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-0163)
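
A defensive check for the RTL override filename issue described above (CVE-2009-3376), added here as an example and not code from Ubuntu or Mozilla: it flags Unicode bidirectional control characters in attachment filenames, reports the extension in stored (logical) order, and renders the name with the controls made visible. The function names and the sample filenames are constructed for illustration.

```python
# Unicode bidirectional formatting characters that can change the order in
# which a filename is displayed without changing how it is stored.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM", "\u061c": "ALM",
}


def find_bidi_controls(name):
    """Return (index, short name) for every bidi control character in name."""
    return [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(name)
            if ch in BIDI_CONTROLS]


def logical_extension(name):
    """Extension in stored order: text after the last dot, controls stripped."""
    _, dot, ext = name.rpartition(".")
    if not dot:
        return ""
    return "".join(ch for ch in ext if ch not in BIDI_CONTROLS).lower()


def escape_for_display(name):
    """Replace each control with a visible tag such as <RLO> for UIs and logs."""
    return "".join(f"<{BIDI_CONTROLS[ch]}>" if ch in BIDI_CONTROLS else ch
                   for ch in name)


def assess(name):
    """Summarise one filename for an attachment filter or a triage log."""
    hits = find_bidi_controls(name)
    return {
        "suspicious": bool(hits),
        "controls": hits,
        "extension": logical_extension(name),
        "display_safe": escape_for_display(name),
    }


if __name__ == "__main__":
    # Constructed sample filenames; the first contains U+202E (RLO).
    for sample in ["invoice\u202efdp.exe", "report.pdf", "README"]:
        print(assess(sample))
```

A bidi-aware renderer can show the first sample with the characters after the override reversed, which is why the check reports the extension from the stored order rather than from what is displayed.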

- ID: USN-915-1
- Severity: high
- Severity from: CVE-2009-2463
- URL: https://ubuntu.com/security/notices/USN-915-1
- Published: 2010-03-18T14:08:21
- Modified: 2010-03-18T14:08:21
- Other Advisories:
- ELSA-2009-1162
- ELSA-2009-1430
- ELSA-2009-1530
- ELSA-2009-1601
- ELSA-2009-1674
- ELSA-2014-0311
- FEDORA-2009-10878
- FEDORA-2009-10981
- FEDORA-2009-13333
- FEDORA-2009-13362
- FEDORA-2009-13366
- FEDORA-2009-7961
- FEDORA-2009-9494
- FEDORA-2009-9505
- FEDORA-2010-7100
- FEDORA-2015-6dec4e6d5f
- FREEBSD:01C57D20-EA26-11DE-BD39-00248C9B4BE7
- FREEBSD:4B3A7E70-AFCE-11E5-B864-14DAE9D210B8
- FREEBSD:56CFE192-329F-11DF-ABB2-000F20797EDE
- FREEBSD:6431C4DB-DEB4-11DE-9078-0030843D3802
- FREEBSD:922D2398-9E2D-11DE-A998-0030843D3802
- FREEBSD:C87AA2D2-C3C4-11DE-AB08-000F20797EDE
- GLSA-201301-01
- SUSE-SU-2016:0257-1
- SUSE-SU-2016:2958-1
- USN-798-1
- USN-821-1
- USN-853-1
- USN-871-1
- USN-873-1
- USN-874-1