CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
97.7%
Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith,
Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered
memory safety issues affecting Thunderbird. If the user were tricked into
opening a specially crafted page, an attacker could possibly exploit these to
cause a denial of service via application crash, or potentially execute code
with the privileges of the user invoking Thunderbird. (CVE-2012-1948,
CVE-2012-1949)
Abhishek Arya discovered four memory safety issues affecting Thunderbird. If
the user were tricked into opening a specially crafted page, an attacker could
possibly exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Thunderbird.
(CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)
Mariusz Mlynski discovered that the address bar may be incorrectly updated.
Calls to history.forward and history.back could be used to navigate to a site
while the address bar still displayed the previous site. A remote attacker
could exploit this to conduct phishing attacks. (CVE-2012-1955)
Mario Heiderich discovered that HTML tags were not filtered out of the
HTML of RSS feeds. A remote attacker could exploit this to
conduct cross-site scripting (XSS) attacks via javascript execution in the HTML
feed view. (CVE-2012-1957)
Arthur Gerkis discovered a use-after-free vulnerability. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Thunderbird.
(CVE-2012-1958)
Bobby Holley discovered that same-compartment security wrappers (SCSW) could be
bypassed to allow XBL access. If the user were tricked into opening a specially
crafted page, an attacker could possibly exploit this to execute code with the
privileges of the user invoking Thunderbird. (CVE-2012-1959)
Tony Payne discovered an out-of-bounds memory read in Mozilla’s color
management library (QCMS). If the user were tricked into opening a specially
crafted color profile, an attacker could possibly exploit this to cause a
denial of service via application crash. (CVE-2012-1960)
Frédéric Buclin discovered that the X-Frame-Options header was ignored when its
value was specified multiple times. An attacker could exploit this to conduct
clickjacking attacks. (CVE-2012-1961)
Bill Keese discovered a memory corruption vulnerability. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Thunderbird.
(CVE-2012-1962)
Karthikeyan Bhargavan discovered an information leakage vulnerability in the
Content Security Policy (CSP) 1.0 implementation. If the user were tricked into
opening a specially crafted page, an attacker could possibly exploit this to
access a user’s OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)
It was discovered that the execution of javascript: URLs was not properly
handled in some cases. A remote attacker could exploit this to execute code
with the privileges of the user invoking Thunderbird. (CVE-2012-1967)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 12.04 | noarch | thunderbird | < 14.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | thunderbird-dbg | < 14.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | thunderbird-dev | < 14.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | thunderbird-globalmenu | < 14.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | thunderbird-gnome-support | < 14.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | thunderbird-gnome-support-dbg | < 14.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | thunderbird-locale-af | < 1:14.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | thunderbird-locale-ar | < 1:14.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | thunderbird-locale-ast | < 1:14.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | thunderbird-locale-be | < 1:14.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
launchpad.net/bugs/1020198
launchpad.net/bugs/1024564
ubuntu.com/security/CVE-2012-1948
ubuntu.com/security/CVE-2012-1949
ubuntu.com/security/CVE-2012-1951
ubuntu.com/security/CVE-2012-1952
ubuntu.com/security/CVE-2012-1953
ubuntu.com/security/CVE-2012-1954
ubuntu.com/security/CVE-2012-1955
ubuntu.com/security/CVE-2012-1957
ubuntu.com/security/CVE-2012-1958
ubuntu.com/security/CVE-2012-1959
ubuntu.com/security/CVE-2012-1960
ubuntu.com/security/CVE-2012-1961
ubuntu.com/security/CVE-2012-1962
ubuntu.com/security/CVE-2012-1963
ubuntu.com/security/CVE-2012-1967