RHEL 6 : thunderbird (RHSA-2012:1211)

high Nessus Plugin ID 61705

Synopsis

The remote Red Hat host is missing one or more security updates for thunderbird.

Description

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2012:1211 advisory.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)

Content containing a malicious Scalable Vector Graphics (SVG) image file could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-3969, CVE-2012-3970)

Two flaws were found in the way Thunderbird rendered certain images using WebGL. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-3967, CVE-2012-3968)

A flaw was found in the way Thunderbird decoded embedded bitmap images in Icon Format (ICO) files. Content containing a malicious ICO file could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2012-3966)

A flaw was found in the way the eval command was handled by the Thunderbird Error Console. Running eval in the Error Console while viewing malicious content could possibly cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2012-3980)

An out-of-bounds memory read flaw was found in the way Thunderbird used the format-number feature of XSLT (Extensible Stylesheet Language Transformations). Malicious content could possibly cause an information leak, or cause Thunderbird to crash. (CVE-2012-3972)

A flaw was found in the location object implementation in Thunderbird.
Malicious content could use this flaw to possibly allow restricted content to be loaded. (CVE-2012-3978)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Christian Holler, Jesse Ruderman, John Schoenick, Vladimir Vukicevic, Daniel Holbert, Abhishek Arya, Frdric Hoguin, miaubiz, Arthur Gerkis, Nicolas Grgoire, moz_bug_r_a4, and Colby Russell as the original reporters of these issues.

Note: All issues except CVE-2012-3969 and CVE-2012-3970 cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.7 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL thunderbird package based on the guidance in RHSA-2012:1211.

See Also

http://www.nessus.org/u?cb66fff2

https://access.redhat.com/errata/RHSA-2012:1211

https://access.redhat.com/security/updates/classification/#critical

https://bugzilla.redhat.com/show_bug.cgi?id=851909

https://bugzilla.redhat.com/show_bug.cgi?id=851924

https://bugzilla.redhat.com/show_bug.cgi?id=851939

https://bugzilla.redhat.com/show_bug.cgi?id=851910

https://bugzilla.redhat.com/show_bug.cgi?id=851918

https://bugzilla.redhat.com/show_bug.cgi?id=851920

https://bugzilla.redhat.com/show_bug.cgi?id=851922

https://bugzilla.redhat.com/show_bug.cgi?id=851937

Plugin Details

Severity: High

ID: 61705

File Name: redhat-RHSA-2012-1211.nasl

Version: 1.27

Type: local

Agent: unix

Published: 8/29/2012

Updated: 4/15/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-3970

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2012-3980

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:thunderbird, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 8/29/2012

Vulnerability Publication Date: 8/29/2012

Reference Information

CVE: CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3972, CVE-2012-3978, CVE-2012-3980

CWE: 125, 416

RHSA: 2012:1211