Ubuntu update for Thunderbird



Risk Critical
Patch available YES
Number of vulnerabilities 11
CVE-ID CVE-2019-17024
CVE-2019-17022
CVE-2019-17026
CVE-2019-11745
CVE-2019-17017
CVE-2019-17016
CVE-2019-17008
CVE-2019-17010
CVE-2019-17011
CVE-2019-17012
CVE-2019-17005
CWE-ID CWE-119
CWE-79
CWE-843
CWE-787
CWE-94
CWE-416
Exploitation vector Network
Public exploit Vulnerability #3 is being exploited in the wild.
Vulnerable software
 thunderbird (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU24062

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-17024

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.10
thunderbird - 1:68.4.1+build1-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
thunderbird - 1:68.4.1+build1-0ubuntu0.18.04.1

Vulnerable software versions

thunderbird (Ubuntu package): 1:60.0+build4-0ubuntu0.14.04.2 - 1:68.3.1+build1-0ubuntu2

CPE2.3 External links

https://usn.ubuntu.com/4241-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cross-site scripting

EUVDB-ID: #VU24060

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-17022

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the CSS sanitizer. When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. If a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability.

Mitigation

Update the affected packages.

Ubuntu 19.10
thunderbird - 1:68.4.1+build1-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
thunderbird - 1:68.4.1+build1-0ubuntu0.18.04.1

Vulnerable software versions

thunderbird (Ubuntu package): 1:60.0+build4-0ubuntu0.14.04.2 - 1:68.3.1+build1-0ubuntu2

CPE2.3 External links

https://usn.ubuntu.com/4241-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Type Confusion

EUVDB-ID: #VU24147

Risk: Critical

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2019-17026

CWE-ID: CWE-843 - Type confusion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error with StoreElementHole and FallibleStoreElement when processing HTML content in IonMonkey JIT compiler. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

Mitigation

Update the affected packages.

Ubuntu 19.10
thunderbird - 1:68.4.1+build1-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
thunderbird - 1:68.4.1+build1-0ubuntu0.18.04.1

Vulnerable software versions

thunderbird (Ubuntu package): 1:60.0+build4-0ubuntu0.14.04.2 - 1:68.3.1+build1-0ubuntu2

CPE2.3 External links

https://usn.ubuntu.com/4241-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

4) Out-of-bounds write

EUVDB-ID: #VU23050

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-11745

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the NSC_EncryptUpdate() function in /lib/softoken/pkcs11c.c, when performing padding operations in Mozilla NSS. A remote attacker can pass specially crafted data to the affected application, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected packages.

Ubuntu 19.10
thunderbird - 1:68.4.1+build1-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
thunderbird - 1:68.4.1+build1-0ubuntu0.18.04.1

Vulnerable software versions

thunderbird (Ubuntu package): 1:60.0+build4-0ubuntu0.14.04.2 - 1:68.3.1+build1-0ubuntu2

CPE2.3 External links

https://usn.ubuntu.com/4241-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Type Confusion

EUVDB-ID: #VU24055

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-17017

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when processing HTML content in XPCVariant.cpp. A remote attacker can create a specially crated web page, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.10
thunderbird - 1:68.4.1+build1-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
thunderbird - 1:68.4.1+build1-0ubuntu0.18.04.1

Vulnerable software versions

thunderbird (Ubuntu package): 1:60.0+build4-0ubuntu0.14.04.2 - 1:68.3.1+build1-0ubuntu2

CPE2.3 External links

https://usn.ubuntu.com/4241-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Code Injection

EUVDB-ID: #VU24054

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-17016

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation when pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration.


Mitigation

Update the affected packages.

Ubuntu 19.10
thunderbird - 1:68.4.1+build1-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
thunderbird - 1:68.4.1+build1-0ubuntu0.18.04.1

Vulnerable software versions

thunderbird (Ubuntu package): 1:60.0+build4-0ubuntu0.14.04.2 - 1:68.3.1+build1-0ubuntu2

CPE2.3 External links

https://usn.ubuntu.com/4241-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU23370

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-17008

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error during worker destruction. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and crash the application or execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.10
thunderbird - 1:68.4.1+build1-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
thunderbird - 1:68.4.1+build1-0ubuntu0.18.04.1

Vulnerable software versions

thunderbird (Ubuntu package): 1:60.0+build4-0ubuntu0.14.04.2 - 1:68.3.1+build1-0ubuntu2

CPE2.3 External links

https://usn.ubuntu.com/4241-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU23374

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-17010

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error  when checking the Resist Fingerprinting preference during device orientation checks. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a race condition that will results in a use-after-free error.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.10
thunderbird - 1:68.4.1+build1-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
thunderbird - 1:68.4.1+build1-0ubuntu0.18.04.1

Vulnerable software versions

thunderbird (Ubuntu package): 1:60.0+build4-0ubuntu0.14.04.2 - 1:68.3.1+build1-0ubuntu2

CPE2.3 External links

https://usn.ubuntu.com/4241-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU23376

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-17011

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when retrieving a document from a DocShell in the antitracking code. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a race condition that will results in a use-after-free error.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.10
thunderbird - 1:68.4.1+build1-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
thunderbird - 1:68.4.1+build1-0ubuntu0.18.04.1

Vulnerable software versions

thunderbird (Ubuntu package): 1:60.0+build4-0ubuntu0.14.04.2 - 1:68.3.1+build1-0ubuntu2

CPE2.3 External links

https://usn.ubuntu.com/4241-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU23377

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-17012

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a memory corruption when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.10
thunderbird - 1:68.4.1+build1-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
thunderbird - 1:68.4.1+build1-0ubuntu0.18.04.1

Vulnerable software versions

thunderbird (Ubuntu package): 1:60.0+build4-0ubuntu0.14.04.2 - 1:68.3.1+build1-0ubuntu2

CPE2.3 External links

https://usn.ubuntu.com/4241-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU23375

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-17005

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a memory corruption in plain text serializer. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.10
thunderbird - 1:68.4.1+build1-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
thunderbird - 1:68.4.1+build1-0ubuntu0.18.04.1

Vulnerable software versions

thunderbird (Ubuntu package): 1:60.0+build4-0ubuntu0.14.04.2 - 1:68.3.1+build1-0ubuntu2

CPE2.3 External links

https://usn.ubuntu.com/4241-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###