Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

Ubuntu 19.04: 4045-1 Critical: Thunderbird Security Flaws

ubuntu
Calendar Grey July 2, 2019
Dist Ubuntu Esm H88
The Ubuntu Security Notice USN-4046-1 brings attention to critical updates addressing vulnerabilities in Firefox that could allow unauthorized access.
Several security issues were fixed in Thunderbird.

Summary

Several security issues were fixed in Thunderbird.

Software Description:

- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

A type confusion bug was discovered in Thunderbird. If a user were

tricked in to opening a specially crafted website in a browsing context,

an attacker could exploit this by causing a denial of service, or

executing arbirary code. (CVE-2019-11707)

It was discovered that a sandboxed child process could open arbitrary web

content in the parent process via the Prompt:Open IPC message. When

combined with another vulnerability, an attacker could potentially exploit

this to execute arbitrary code. (CVE-2019-11708)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  thunderbird                     1:60.7.2+build2-0ubuntu0.19.04.1

Ubuntu 18.10:
  thunderbird                     1:60.7.2+build2-0ubuntu0.18.10.1

Ubuntu 18.04 LTS:
  thunderbird                     1:60.7.2+build2-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
  thunderbird                     1:60.7.2+build2-0ubuntu0.16.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-4045-1

  CVE-2019-11707, CVE-2019-11708

Severity
critical
Lowest
Low
Medium
High
Critical

July 01, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.