---------------------------------------------------------------------- Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more: http://secunia.com/advisories/business_solutions/ ---------------------------------------------------------------------- TITLE: Ubuntu update for thunderbird SECUNIA ADVISORY ID: SA33408 VERIFY ADVISORY: http://secunia.com/advisories/33408/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access WHERE: >From remote OPERATING SYSTEM: Ubuntu Linux 7.10 http://secunia.com/advisories/product/16251/ Ubuntu Linux 8.04 http://secunia.com/advisories/product/18611/ Ubuntu Linux 8.10 http://secunia.com/advisories/product/20299/ DESCRIPTION: Ubuntu has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system. For more information: SA33205 SOLUTION: Apply updated packages. -- Ubuntu 7.10 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.7.10.1.diff.gz Size/MD5: 125751 295c96e93f293e2b6e750ce7c40e5d54 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.7.10.1.dsc Size/MD5: 1683 91959458598f0953fa4c81ceb61c6216 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly.orig.tar.gz Size/MD5: 40350774 e28d81325c073baf1bb7a77e342d74ff Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.7.10.1_all.deb Size/MD5: 60200 ca3121034c2abad22f664891f1e5e2c8 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.19+nobinonly-0ubuntu0.7.10.1_all.deb Size/MD5: 60186 ed4fbdb2b07db6c04453f46c67faca57 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.7.10.1_amd64.deb Size/MD5: 3778360 b45367fb0c80075f46270c6ed7478eaa http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.19+nobinonly-0ubuntu0.7.10.1_amd64.deb Size/MD5: 85370 3a400c668b9da9216863be4a6630a96e http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.7.10.1_amd64.deb Size/MD5: 12429548 069f7cdcc8ba893fb7e3f126d45153c6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.7.10.1_i386.deb Size/MD5: 3766622 bad0e1549e66122e16d3b89d64968ffe http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.19+nobinonly-0ubuntu0.7.10.1_i386.deb Size/MD5: 80714 714dbb475a909fe9d5afe500a1128a6f http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.7.10.1_i386.deb Size/MD5: 11000200 67a82135268a9e9939442eaf59d904fa lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.7.10.1_lpia.deb Size/MD5: 3764286 4ee913f7366d01ae7d0cb4ebb40e9723 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.19+nobinonly-0ubuntu0.7.10.1_lpia.deb Size/MD5: 80442 9a4c87009be2c1fcb0a2a744a73d6c46 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.7.10.1_lpia.deb Size/MD5: 10840772 044f69eb8620275f0b2600f1266f9261 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.7.10.1_powerpc.deb Size/MD5: 3782204 5426bd24bc9939d1d9c842991fc28d04 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.19+nobinonly-0ubuntu0.7.10.1_powerpc.deb Size/MD5: 83746 b115a7a8548b555ce6ccc365ca8cd8cd http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.7.10.1_powerpc.deb Size/MD5: 12274654 eb44ee29adc48b66f0b76e67ee396ed3 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.7.10.1_sparc.deb Size/MD5: 3764334 081ea4f34ef577559494b63f78e4fd7a http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.19+nobinonly-0ubuntu0.7.10.1_sparc.deb Size/MD5: 80150 5da23472cb09b42ce716fe90e1e0ee9a http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.7.10.1_sparc.deb Size/MD5: 11269388 c56ae47e2c90fd4b31add863ef3c8170 -- Ubuntu 8.04 LTS -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.04.1.diff.gz Size/MD5: 129303 2329ce6357dc550bc8b50c55d39115fe http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.04.1.dsc Size/MD5: 1681 c52d1bf4c454e88154ab0095c6e8fcbd http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly.orig.tar.gz Size/MD5: 40350774 e28d81325c073baf1bb7a77e342d74ff Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 60490 ef703556822dd1d42bc111c4d4932e98 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 60478 d5055cf0260e822778c9dabbdaac0290 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.8.04.1_amd64.deb Size/MD5: 3779546 93c857b7e424b4ef32f3529c97d45645 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.19+nobinonly-0ubuntu0.8.04.1_amd64.deb Size/MD5: 85384 0a018f64edc1019750fa6d8d8b20c445 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.04.1_amd64.deb Size/MD5: 12413968 206878158152a3ec0e45a0b7e32b03d9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.8.04.1_i386.deb Size/MD5: 3766930 a338b4b1584d6d9752665d0905958642 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.19+nobinonly-0ubuntu0.8.04.1_i386.deb Size/MD5: 80782 74b360869e8798f545989815a176d25d http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.04.1_i386.deb Size/MD5: 10982858 dbb94dd72692de58a3ac4474b275006a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.8.04.1_lpia.deb Size/MD5: 3764652 78b89b93c5e115a09c8dd0af0344c72d http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.19+nobinonly-0ubuntu0.8.04.1_lpia.deb Size/MD5: 80530 94b47edb17b4820e90332961ab99c328 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.04.1_lpia.deb Size/MD5: 10831682 a2426c576ed067307897c37e8ccebab7 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 3783238 e5745effd460c7bbb61f2d845dca5883 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.19+nobinonly-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 83768 527c9aa50b2369f8093264a54bb1bb12 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 12257040 c8ea7370647e43df601de2ec158d7610 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.8.04.1_sparc.deb Size/MD5: 3765166 34532aed9c87eeb5a6df99fc7fabfe4e http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.19+nobinonly-0ubuntu0.8.04.1_sparc.deb Size/MD5: 80236 59f5df0f4b378a280e6e86a1b2993558 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.04.1_sparc.deb Size/MD5: 11259474 4f03dd8f34b495ed5a3ae265aaebd90c -- Ubuntu 8.10 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.10.1.diff.gz Size/MD5: 130103 b31f16122e92660486fd5a51f67e586a http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.10.1.dsc Size/MD5: 1663 2d73e2af8c2bbbb34a3637aa1fcd1af7 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly.orig.tar.gz Size/MD5: 40350774 e28d81325c073baf1bb7a77e342d74ff Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 60830 514443d4829b4fe56f1837ace920a4bb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 60820 a093a0e799904ea33d66e27eed40a859 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.8.10.1_amd64.deb Size/MD5: 3737222 118e8bba338794d2a2ec2929f11e169e http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.19+nobinonly-0ubuntu0.8.10.1_amd64.deb Size/MD5: 85582 6888cef1a0c67611444769818bddb7dd http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.10.1_amd64.deb Size/MD5: 12435266 afd08db88cbdf657df90444d0934159e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.8.10.1_i386.deb Size/MD5: 3721732 31a6b27e02fe3fae7f71da0527991099 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.19+nobinonly-0ubuntu0.8.10.1_i386.deb Size/MD5: 81162 b0f2ba3990fc45202d1aae14bd613275 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.10.1_i386.deb Size/MD5: 11041488 dd9292b3beecae4eabbf139f00eff890 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.8.10.1_lpia.deb Size/MD5: 3718346 1ebbb7108b584d3c519070508b3b8296 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.19+nobinonly-0ubuntu0.8.10.1_lpia.deb Size/MD5: 80872 2e4d7b7f18f6bf93605dfbc18463b926 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.10.1_lpia.deb Size/MD5: 10862250 807dd5718af4ccb6cab4fd89c71f5814 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 3736058 b76e8216923784632d5c449a326ec58f http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.19+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 84048 c1d081ab1342b80f4e09bfae790466a6 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 12213534 f94a2d60504cb13dc78ba0bad6f621e0 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.19+nobinonly-0ubuntu0.8.10.1_sparc.deb Size/MD5: 3724202 96ec9c4744d807f84b348a3ec38e22ad http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.19+nobinonly-0ubuntu0.8.10.1_sparc.deb Size/MD5: 80892 dee7d086e2761b337f04821eb7ee98ac http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.19+nobinonly-0ubuntu0.8.10.1_sparc.deb Size/MD5: 11190180 efdbb89130ce75d2959b400bdda1ba6c ORIGINAL ADVISORY: USN-701-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-January/000820.html OTHER REFERENCES: SA33205: http://secunia.com/advisories/33205/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------