Please Install the Updated Packages.

Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird.(CVE-2013-1739, CVE-2013-5590, CVE-2013-5591) Jordi Chancel discovered that HTML select elements could display arbitrary content. If a user had scripting enabled, an attacker could potentially exploit this to conduct URL spoofing or clickjacking attacks. (CVE-2013-5593) Abhishek Arya discovered a crash when processing XSLT data in some circumstances. If a user had scripting enabled, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5604) Dan Gohman discovered a flaw in the Javascript engine. If a user had enabled scripting, when combined with other vulnerabilities an attacker could possibly exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5595) Ezra Pool discovered a crash on extremely large pages. If a user had scripting enabled, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5596) Byoungyoung Lee discovered a use-after-free when updating the offline cache. If a user had scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5597) Multiple use-after-free flaws were discovered in Thunderbird. If a user had scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5599, CVE-2013-5600, CVE-2013-5601) A memory corruption flaw was discovered in the Javascript engine when using workers with direct proxies. If a user had scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5602) Abhishek Arya discovered a use-after-free when interacting with HTML document templates. If a user had scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5603)

thunderbird on Ubuntu 13.10 , Ubuntu 13.04 , Ubuntu 12.10 , Ubuntu 12.04 LTS

• https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-October/002298.html

---

Updated on 2015-03-25