Ubuntu Security Notice 6515-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. It was discovered that Thunderbird did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information.
d6191b54a0838b3afcde840585c714c6bd2dee7e37aba7b54a20750739c63df2=========================================================================
Ubuntu Security Notice USN-6515-1
November 27, 2023
thunderbird vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2023-6206, CVE-2023-6212)
It was discovered that Thudnerbird did not properly manage memory when
images were created on the canvas element. An attacker could potentially
exploit this issue to obtain sensitive information. (CVE-2023-6204)
It discovered that Thunderbird incorrectly handled certain memory when
using a MessagePort. An attacker could potentially exploit this issue to
cause a denial of service. (CVE-2023-6205)
It discovered that Thunderbird incorrectly did not properly manage ownership
in ReadableByteStreams. An attacker could potentially exploit this issue
to cause a denial of service. (CVE-2023-6207)
It discovered that Thudnerbird incorrectly did not properly manage copy
operations when using Selection API in X11. An attacker could potentially
exploit this issue to obtain sensitive information. (CVE-2023-6208)
Rachmat Abdul Rokhim discovered that Thunderbird incorrectly handled
parsing of relative URLS starting with "///". An attacker could potentially
exploit this issue to cause a denial of service. (CVE-2023-6209)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
thunderbird 1:115.5.0+build1-0ubuntu0.23.10.1
Ubuntu 23.04:
thunderbird 1:115.5.0+build1-0ubuntu0.23.04.1
Ubuntu 22.04 LTS:
thunderbird 1:115.5.0+build1-0ubuntu0.22.04.1
Ubuntu 20.04 LTS:
thunderbird 1:115.5.0+build1-0ubuntu0.20.04.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6515-1
CVE-2023-6204, CVE-2023-6205, CVE-2023-6206, CVE-2023-6207,
CVE-2023-6208, CVE-2023-6209, CVE-2023-6212
Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/1:115.5.0+build1-0ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/thunderbird/1:115.5.0+build1-0ubuntu0.23.04.1
https://launchpad.net/ubuntu/+source/thunderbird/1:115.5.0+build1-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/thunderbird/1:115.5.0+build1-0ubuntu0.20.04.1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed