USN-2934-1: Thunderbird vulnerabilities
USN-2934-1: Thunderbird vulnerabilities Ubuntu Security Notice USN-2934-1 27th April, 2016 thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Thunderbird. Software description thunderbird – Mozilla Open Source mail and newsgroup client Details Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, DanielHolbert, Jesse Ruderman, and Randell Jesup discovered multiple memorysafety issues in Thunderbird. If a user were tricked in to opening aspecially crafted message, an attacker could potentially exploit these tocause a denial of service via application crash, or execute arbitrary codewith the privileges of the user invoking Thunderbird. (CVE-2016-1952) Nicolas Golubovic discovered that CSP violation reports can be used tooverwrite local files. If a user were tricked in to opening a speciallycrafted website in a browsing context with [ more… ]