Alerts This Week
Warning Icon 1 1,139
Alerts This Week
Warning Icon 1 1,139

Ubuntu 19.10: USN-4328-1 Moderate: Multiple Thunderbird Issues

ubuntu
Calendar Grey April 13, 2020
Dist Ubuntu Esm H88
Ubuntu USN-4329-1 tackles issues found in Firefox, improving your system's safety and defense.
Several security issues were fixed in Thunderbird.

Summary

Several security issues were fixed in Thunderbird.

Software Description:

- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

It was discovered that Message ID calculation was based on uninitialized

data. An attacker could potentially exploit this to obtain sensitive

information. (CVE-2020-6792)

Mutiple security issues were discovered in Thunderbird. If a user were

tricked in to opening a specially crafted message, an attacker could

potentially exploit these to cause a denial of service, obtain sensitive

information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795,

CVE-2020-6822)

It was discovered that if a user saved passwords before Thunderbird 60

and then later set a master password, an unencrypted copy of these

passwords would still be accessible. A local user could exploit this to

obtain sensitive information. (CVE-2020-6794)

Multiple security issues were discovered in Thunderbird. If a user were

tricked in to opening a s...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service arbitrary code execution Ubuntu information disclosure thunderbird

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  thunderbird                     1:68.7.0+build1-0ubuntu0.19.10.1

Ubuntu 18.04 LTS:
  thunderbird                     1:68.7.0+build1-0ubuntu0.18.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4328-1

CVE-2019-20503, CVE-2020-6792, CVE-2020-6793, CVE-2020-6794,

CVE-2020-6795, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805,

CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812,

CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821,

CVE-2020-6822, CVE-2020-6825

April 13, 2020

Topics%20covered

Topics Covered

security advisory denial of service arbitrary code execution Ubuntu information disclosure thunderbird

Package Information

https://launchpad.net/ubuntu/+source/thunderbird/1:68.7.0+build1-0ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/thunderbird/1:68.7.0+build1-0ubuntu0.18.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here