Please Install the Updated Packages.

Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1718) Atte Kettunen discovered a flaw in the HTML5 Tree Builder when interacting with template elements. If a user had scripting enabled, in some circumstances an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1720) Alex Chapman discovered an integer overflow vulnerability in the ANGLE library. If a user had scripting enabled, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1721) Abhishek Arya discovered a use-after-free in the Animation Manager. If a user had scripting enabled, an attacked could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1722) Scott Bell discovered a use-after-free when using a select element. If a user had scripting enabled, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1724) It was discovered that the scope of new Javascript objects could be accessed before their compartment is initialized. If a user had scripting enabled, an attacker could potentially exploit this to execute code with the privileges of the user invoking Thunderbird. (CVE-2013-1725) Dan Gohman discovered that some variables and data were used in IonMonkey, without being initialized, which could lead to information leakage. (CVE-2013-1728) Sachin Shinde discovered a crash when moving some XBL-backed nodes in to a document created by document.open(). If a user had scripting enabled, an attacker could potentially exploit this to cause a denial of service. (CVE-2013-1730) Aki Helin discovered a buffer overflow when combining lists, floats and multiple columns. If a user had scripting enabled, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1732) Two memory corruption bugs when scrolling were discovered. If a user had scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-201 ... Description truncated, for more information please check the Reference URL

thunderbird on Ubuntu 13.04 , Ubuntu 12.10 , Ubuntu 12.04 LTS

• https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-September/002250.html

---

Updated on 2015-03-25