Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 19.10 & 18.04: USN-4202-2 Moderate: Thunderbird Regression

ubuntu
Calendar Grey December 10, 2019
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-4202-3 highlights a newly identified issue in Thunderbird following a previous correction, affecting user experience.
USN-4202-1 caused a regression in Thunderbird.

Summary

USN-4202-1 caused a regression in Thunderbird.

Software Description:

- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading,

Thunderbird

created a new profile for some users. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that a specially crafted S/MIME message with an inner

encryption layer could be displayed as having a valid signature in some

circumstances, even if the signer had no access to the encrypted message.

An attacker could potentially exploit this to spoof the message author.

(CVE-2019-11755)

Multiple security issues were discovered in Thunderbird. If a user were

tricked in to opening a specially crafted website in a browsing context,

an attacker could potentially exploit these to cause a denial of service,

bypass security restrictions, bypass same-origin restrictions, conduct

cross-si...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  thunderbird                     1:68.2.2+build1-0ubuntu0.19.10.1

Ubuntu 18.04 LTS:
  thunderbird                     1:68.2.2+build1-0ubuntu0.18.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4202-1

https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1854150

Severity
medium
Lowest
Low
Medium
High
Critical

December 10, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here