Ubuntu Security Notice 4995-2 - USN-4995-1 fixed vulnerabilities in Thunderbird. This update provides the corresponding updates for Ubuntu 18.04 LTS. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Multiple security issues were discovered in Thunderbird's OpenPGP integration. If a user were tricked into importing a specially crafted key in some circumstances, an attacker could potentially exploit this to cause a denial of service or confuse the user. A use-after-free was discovered when Responsive Design Mode was enabled. If a user were tricked into opening a specially crafted website with Responsive Design Mode enabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Thunderbird mishandled ftp URLs with encoded newline characters. If a user were tricked into clicking on a specially crafted link, an attacker could potentially exploit this to send arbitrary FTP commands. It was discovered that Thunderbird wrote signatures to disk and read them back during verification. A local attacker could potentially exploit this to replace the data with another signature file. It was discovered that Thunderbird might load an alternative OTR library. If a user were tricked into copying a specially crafted library to one of Thunderbird's search paths, an attacker could potentially exploit this to execute arbitrary code. It was discovered that secret keys imported into Thunderbird were stored unencrypted. A local attacker could potentially exploit this to obtain private keys. It was discovered that Thunderbird did not indicate when an inline signed or encrypted message contained additional unprotected parts. Various other issues were also addressed.
81edf153f7a8ff7803ae890c659ea5d9e899b6b778102480a52389ef99c260eeUbuntu Security Notice 4995-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Various other issues were also addressed.
4377b3a315af5e52fb39b7a6d25d2f9f0a167af3746b0bb2a7e6f3615807b933Gentoo Linux Security Advisory 202104-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 88.0 are affected.
5ca81f664f4e17349799dff5ec0303eacf0a8ec7882e1cb1d495ace0532dfaaaGentoo Linux Security Advisory 202104-9 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 78.10.0 are affected.
14468afd1abbcf533ea6611cd505e671361f822b331808ff4f16194ccb84f300Debian Linux Security Advisory 4874-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing attacks.
6cd3d84bb05ea09f2861c694c96bbad37e945fa5766d877edb278eaa2b865e37Debian Linux Security Advisory 4876-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure.
1f97e92166976a17da8cad8270152684548a7147977ea4a7f4644cd979d65be9Red Hat Security Advisory 2021-0992-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.9.0 ESR. Issues addressed include a spoofing vulnerability.
0beb2ace97462de39ed1d992b5064e7d5d9f84b509aa66a9eb5aec5241490152Red Hat Security Advisory 2021-0996-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.9.0. Issues addressed include a spoofing vulnerability.
230cb77f45733ad34db897a0b588ca5ab5c53732b2700c3f65cb69dd3b978695Red Hat Security Advisory 2021-0991-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.9.0 ESR. Issues addressed include a spoofing vulnerability.
86846d2863092b129999a9295fec81227ed067d13cdd36bd10bf20ccb17aa1bcRed Hat Security Advisory 2021-0994-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.9.0. Issues addressed include a spoofing vulnerability.
92f592dcd962e5398522f1c3e77119df9ed4cc5f6bdd64edcdd0925207a42fa5Red Hat Security Advisory 2021-0989-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.9.0 ESR. Issues addressed include a spoofing vulnerability.
7cf8093a6f80ac1bc05fe0300de9409c8d3cd88b64b5412d3a49eda9f88728a8Red Hat Security Advisory 2021-0993-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.9.0. Issues addressed include a spoofing vulnerability.
0a0d78d27867982bbb669a8ab8b155eb15bef29ef1ff4cfce92375ca16cab6feRed Hat Security Advisory 2021-0995-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.9.0. Issues addressed include a spoofing vulnerability.
65c3fb96861a5095748a61811fa91692556423c606441e5ff1405d3b8e13070eRed Hat Security Advisory 2021-0990-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.9.0 ESR. Issues addressed include a spoofing vulnerability.
971c6830932725382e9e107349182a7519e5712cda26ef895c57c3cfb73fa216
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed