Please Install the Updated Packages.

Jeff Gilbert and Henrik Skupin discovered multiple memory safety issues in Thunderbird. If the user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1701) It was discovered that a document's URI could be set to the URI of a different document. If a user had scripting enabled, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1709) A flaw was discovered when generating a CRMF request in certain circumstances. If a user had scripting enabled, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1710) Cody Crews discovered that some Javascript components performed security checks against the wrong URI, potentially bypassing same-origin policy restrictions. If a user had scripting enabled, an attacker could exploit this to conduct cross-site scripting (XSS) attacks or install addons from a malicious site. (CVE-2013-1713) Federico Lanusse discovered that web workers could bypass cross-origin checks when using XMLHttpRequest. If a user had scripting enabled, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1714) Georgi Guninski and John Schoenick discovered that Java applets could access local files under certain circumstances. If a user had scripting enabled, an attacker could potentially exploit this to steal confidential data. (CVE-2013-1717)

thunderbird on Ubuntu 13.04 , Ubuntu 12.10 , Ubuntu 12.04 LTS