{"id":"USN-2819-1","summary":"thunderbird vulnerabilities","details":"Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky,\nRandell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and Gary Kwong\ndiscovered multiple memory safety issues in Thunderbird. If a user were\ntricked into opening a specially crafted message, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2015-4513)\n\nTyson Smith and David Keeler discovered a use-after-poison and buffer\noverflow in NSS. An attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Thunderbird. (CVE-2015-7181,\nCVE-2015-7182)\n\nRyan Sleevi discovered an integer overflow in NSPR. An attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2015-7183)\n\nMichał Bentkowski discovered that adding white-space to hostnames that are\nIP addresses can bypass same-origin protections. If a user were tricked\ninto opening a specially crafted website in a browser-like context, an\nattacker could potentially exploit this to conduct cross-site scripting\n(XSS) attacks. (CVE-2015-7188)\n\nLooben Yang discovered a buffer overflow during script interactions with\nthe canvas element in some circumstances. If a user were tricked into\nopening a specially crafted website in a browser-like context, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Thunderbird. (CVE-2015-7189)\n\nShinto K Anto discovered that CORS preflight is bypassed when receiving\nnon-standard Content-Type headers in some circumstances. 
If a user were\ntricked into opening a specially crafted website in a browser-like\ncontext, an attacker could potentially exploit this to bypass\nsame-origin restrictions. (CVE-2015-7193)\n\nGustavo Grieco discovered a buffer overflow in libjar in some\ncircumstances. If a user were tricked into opening a specially crafted\nwebsite in a browser-like context, an attacker could potentially exploit\nthis to cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2015-7194)\n\nEhsan Akhgari discovered a mechanism for a web worker to bypass secure\nrequirements for web sockets. If a user were tricked into opening a\nspecially crafted website in a browser-like context, an attacker could\nexploit this to bypass the mixed content web socket policy.\n(CVE-2015-7197)\n\nRonald Crane discovered several vulnerabilities through code-inspection. If\na user were tricked into opening a specially crafted website in a\nbrowser-like context, an attacker could potentially exploit these to cause\na denial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Thunderbird. 
(CVE-2015-7198,\nCVE-2015-7199, CVE-2015-7200)\n","modified":"2026-02-10T04:40:56Z","published":"2015-12-01T12:50:46Z","related":["UBUNTU-CVE-2015-4513","UBUNTU-CVE-2015-7181","UBUNTU-CVE-2015-7182","UBUNTU-CVE-2015-7183","UBUNTU-CVE-2015-7188","UBUNTU-CVE-2015-7189","UBUNTU-CVE-2015-7193","UBUNTU-CVE-2015-7194","UBUNTU-CVE-2015-7197","UBUNTU-CVE-2015-7198","UBUNTU-CVE-2015-7199","UBUNTU-CVE-2015-7200"],"upstream":["CVE-2015-4513","CVE-2015-7181","CVE-2015-7182","CVE-2015-7183","CVE-2015-7188","CVE-2015-7189","CVE-2015-7193","CVE-2015-7194","CVE-2015-7197","CVE-2015-7198","CVE-2015-7199","CVE-2015-7200","UBUNTU-CVE-2015-4513","UBUNTU-CVE-2015-7181","UBUNTU-CVE-2015-7182","UBUNTU-CVE-2015-7183","UBUNTU-CVE-2015-7188","UBUNTU-CVE-2015-7189","UBUNTU-CVE-2015-7193","UBUNTU-CVE-2015-7194","UBUNTU-CVE-2015-7197","UBUNTU-CVE-2015-7198","UBUNTU-CVE-2015-7199","UBUNTU-CVE-2015-7200"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2819-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4513"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-7181"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-7182"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-7183"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-7188"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-7189"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-7193"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-7194"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-7197"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-7198"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-7199"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-7200"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/thunderbird@1:38.4.0+build3-0ubuntu0.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","eve
nts":[{"introduced":"0"},{"fixed":"1:38.4.0+build3-0ubuntu0.14.04.1"}]}],"versions":["1:24.0+build1-0ubuntu1","1:24.0+build1-0ubuntu2","1:24.1.1+build1-0ubuntu0.13.10.1","1:24.1.1+build1-0ubuntu1","1:24.2.0+build1-0ubuntu1","1:24.4.0+build1-0ubuntu1","1:24.5.0+build1-0ubuntu0.14.04.1","1:24.6.0+build1-0ubuntu0.14.04.1","1:31.0+build1-0ubuntu0.14.04.1","1:31.1.1+build1-0ubuntu0.14.04.1","1:31.1.2+build1-0ubuntu0.14.04.1","1:31.2.0+build2-0ubuntu0.14.04.1","1:31.3.0+build1-0ubuntu0.14.04.1","1:31.4.0+build1-0ubuntu0.14.04.1","1:31.5.0+build1-0ubuntu0.14.04.1","1:31.6.0+build1-0ubuntu0.14.04.1","1:31.7.0+build1-0ubuntu0.14.04.1","1:31.8.0+build1-0ubuntu0.14.04.1","1:38.2.0+build1-0ubuntu0.14.04.1","1:38.3.0+build1-0ubuntu0.14.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"1:38.4.0+build3-0ubuntu0.14.04.1","binary_name":"thunderbird"},{"binary_version":"1:38.4.0+build3-0ubuntu0.14.04.1","binary_name":"thunderbird-dev"},{"binary_version":"1:38.4.0+build3-0ubuntu0.14.04.1","binary_name":"thunderbird-globalmenu"},{"binary_version":"1:38.4.0+build3-0ubuntu0.14.04.1","binary_name":"thunderbird-gnome-support"},{"binary_version":"1:38.4.0+build3-0ubuntu0.14.04.1","binary_name":"thunderbird-mozsymbols"},{"binary_version":"1:38.4.0+build3-0ubuntu0.14.04.1","binary_name":"thunderbird-testsuite"},{"binary_version":"1:38.4.0+build3-0ubuntu0.14.04.1","binary_name":"xul-ext-calendar-timezones"},{"binary_version":"1:38.4.0+build3-0ubuntu0.14.04.1","binary_name":"xul-ext-gdata-provider"},{"binary_version":"1:38.4.0+build3-0ubuntu0.14.04.1","binary_name":"xul-ext-lightning"}],"availability":"No subscription 
required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"id":"CVE-2015-4513","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-7181","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-7182","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-7183","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-7188","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-7189","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-7193","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-7194","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-7197","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-7198","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-7199","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-7200","severity":[{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2819-1.json"}}],"schema_version":"1.7.3"}