usn-2934-1
Vulnerability from osv_ubuntu
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1952)
Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked in to opening a specially crafted website in a browsing context with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954)
Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957)
A use-after-free was discovered in the HTML5 string parser. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1960)
A use-after-free was discovered in the SetBody function of HTMLDocument. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1961)
Nicolas Grégoire discovered a use-after-free during XML transformations. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1964)
A memory corruption issues was discovered in the NPAPI subsystem. If a user were tricked in to opening a specially crafted website in a browsing context with a malicious plugin installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1966)
Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1974)
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1950)
Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2016-1950",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1952",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1954",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1957",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1960",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1961",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1964",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1966",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1974",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1977",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2790",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2791",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2792",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2793",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2794",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2795",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2796",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2797",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2798",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2799",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2800",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2801",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2802",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:38.7.2+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-globalmenu",
"binary_version": "1:38.7.2+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:38.7.2+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:38.7.2+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-testsuite",
"binary_version": "1:38.7.2+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:38.7.2+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:38.7.2+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:38.7.2+build1-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:38.7.2+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:38.7.2+build1-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:24.0+build1-0ubuntu1",
"1:24.0+build1-0ubuntu2",
"1:24.1.1+build1-0ubuntu0.13.10.1",
"1:24.1.1+build1-0ubuntu1",
"1:24.2.0+build1-0ubuntu1",
"1:24.4.0+build1-0ubuntu1",
"1:24.5.0+build1-0ubuntu0.14.04.1",
"1:24.6.0+build1-0ubuntu0.14.04.1",
"1:31.0+build1-0ubuntu0.14.04.1",
"1:31.1.1+build1-0ubuntu0.14.04.1",
"1:31.1.2+build1-0ubuntu0.14.04.1",
"1:31.2.0+build2-0ubuntu0.14.04.1",
"1:31.3.0+build1-0ubuntu0.14.04.1",
"1:31.4.0+build1-0ubuntu0.14.04.1",
"1:31.5.0+build1-0ubuntu0.14.04.1",
"1:31.6.0+build1-0ubuntu0.14.04.1",
"1:31.7.0+build1-0ubuntu0.14.04.1",
"1:31.8.0+build1-0ubuntu0.14.04.1",
"1:38.2.0+build1-0ubuntu0.14.04.1",
"1:38.3.0+build1-0ubuntu0.14.04.1",
"1:38.4.0+build3-0ubuntu0.14.04.1",
"1:38.5.1+build2-0ubuntu0.14.04.1",
"1:38.6.0+build1-0ubuntu0.14.04.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2016-1950",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1952",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1954",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1957",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1960",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1961",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1964",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1966",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1974",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-1977",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2790",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2791",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2792",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2793",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2794",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2795",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2796",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2797",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2798",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2799",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2800",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2801",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-2802",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:38.7.2+build1-0ubuntu0.16.04.1"
},
{
"binary_name": "thunderbird-globalmenu",
"binary_version": "1:38.7.2+build1-0ubuntu0.16.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:38.7.2+build1-0ubuntu0.16.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:38.7.2+build1-0ubuntu0.16.04.1"
},
{
"binary_name": "thunderbird-testsuite",
"binary_version": "1:38.7.2+build1-0ubuntu0.16.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:38.7.2+build1-0ubuntu0.16.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:38.7.2+build1-0ubuntu0.16.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:38.7.2+build1-0ubuntu0.16.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:38.7.2+build1-0ubuntu0.16.04.1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:38.7.2+build1-0ubuntu0.16.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:38.3.0+build1-0ubuntu2",
"1:38.5.1+build2-0ubuntu1",
"1:38.6.0+build1-0ubuntu1"
]
}
],
"aliases": [],
"details": "Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel\nHolbert, Jesse Ruderman, and Randell Jesup discovered multiple memory\nsafety issues in Thunderbird. If a user were tricked in to opening a\nspecially crafted message, an attacker could potentially exploit these to\ncause a denial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Thunderbird. (CVE-2016-1952)\n\nNicolas Golubovic discovered that CSP violation reports can be used to\noverwrite local files. If a user were tricked in to opening a specially\ncrafted website in a browsing context with addon signing disabled and\nunpacked addons installed, an attacker could potentially exploit this to\ngain additional privileges. (CVE-2016-1954)\n\nJose Martinez and Romina Santillan discovered a memory leak in\nlibstagefright during MPEG4 video file processing in some circumstances.\nIf a user were tricked in to opening a specially crafted website in a\nbrowsing context, an attacker could potentially exploit this to cause a\ndenial of service via memory exhaustion. (CVE-2016-1957)\n\nA use-after-free was discovered in the HTML5 string parser. If a user were\ntricked in to opening a specially crafted website in a browsing context, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the user\ninvoking Thunderbird. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of HTMLDocument.\nIf a user were tricked in to opening a specially crafted website in a\nbrowsing context, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Thunderbird. (CVE-2016-1961)\n\nNicolas Gr\u00e9goire discovered a use-after-free during XML transformations.\nIf a user were tricked in to opening a specially crafted website in a\nbrowsing context, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Thunderbird. (CVE-2016-1964)\n\nA memory corruption issues was discovered in the NPAPI subsystem. If\na user were tricked in to opening a specially crafted website in a\nbrowsing context with a malicious plugin installed, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2016-1966)\n\nRonald Crane discovered an out-of-bounds read following a failed\nallocation in the HTML parser in some circumstances. If a user were\ntricked in to opening a specially crafted website in a browsing context,\nan attacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges of\nthe user invoking Thunderbird. (CVE-2016-1974)\n\nFrancis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.\nA remote attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Thunderbird. (CVE-2016-1950)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple\nmemory safety issues in the Graphite 2 library. If a user were tricked in\nto opening a specially crafted message, an attacker could potentially\nexploit these to cause a denial of service via application crash, or\nexecute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,\nCVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797,\nCVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)\n",
"id": "USN-2934-1",
"modified": "2026-04-22T07:36:33Z",
"published": "2016-04-27T22:32:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2934-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1950"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1952"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1954"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1957"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1960"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1961"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1964"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1966"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1974"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-1977"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2790"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2791"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2792"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2793"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2794"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2795"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2796"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2797"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2798"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2799"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2800"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2801"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-2802"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "thunderbird vulnerabilities",
"upstream": [
"UBUNTU-CVE-2016-1950",
"UBUNTU-CVE-2016-1952",
"UBUNTU-CVE-2016-1954",
"UBUNTU-CVE-2016-1957",
"UBUNTU-CVE-2016-1960",
"UBUNTU-CVE-2016-1961",
"UBUNTU-CVE-2016-1964",
"UBUNTU-CVE-2016-1966",
"UBUNTU-CVE-2016-1974",
"UBUNTU-CVE-2016-1977",
"UBUNTU-CVE-2016-2790",
"UBUNTU-CVE-2016-2791",
"UBUNTU-CVE-2016-2792",
"UBUNTU-CVE-2016-2793",
"UBUNTU-CVE-2016-2794",
"UBUNTU-CVE-2016-2795",
"UBUNTU-CVE-2016-2796",
"UBUNTU-CVE-2016-2797",
"UBUNTU-CVE-2016-2798",
"UBUNTU-CVE-2016-2799",
"UBUNTU-CVE-2016-2800",
"UBUNTU-CVE-2016-2801",
"UBUNTU-CVE-2016-2802"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.