Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Ubuntu 20.04: 4373-1 Critical: Thunderbird Code Execution

ubuntu
Calendar Grey May 26, 2020
Dist Ubuntu Esm H88
The recent update for Thunderbird on Ubuntu rectifies various security flaws; refer to the comprehensive update information and vulnerability specifics below.
Several security issues were fixed in Thunderbird.

Summary

Several security issues were fixed in Thunderbird.

Software Description:

- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird. If a user were

tricked in to opening a specially crafted website in a browsing context,

an attacker could potentially exploit these to cause a denial of service,

or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12395)

It was discovered that the Devtools’ ‘Copy as cURL’ feature did not

properly escape the HTTP POST data of a request. If a user were tricked

in to using the ‘Copy as cURL’ feature to copy and paste a command with

specially crafted data in to a terminal, an attacker could potentially

exploit this to obtain sensitive information from local files.

(CVE-2020-12392)

It was discovered that Thunderbird did not correctly handle Unicode

whitespace characters within the From email header. An attacker could

potentially exploit t...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  thunderbird                     1:68.8.0+build2-0ubuntu0.20.04.2

Ubuntu 19.10:
  thunderbird                     1:68.8.0+build2-0ubuntu0.19.10.2

Ubuntu 18.04 LTS:
  thunderbird                     1:68.8.0+build2-0ubuntu0.18.04.2

Ubuntu 16.04 LTS:
  thunderbird                     1:68.8.0+build2-0ubuntu0.16.04.2

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4373-1

CVE-2020-12387, CVE-2020-12392, CVE-2020-12395, CVE-2020-12397,

CVE-2020-6831

Severity
critical
Lowest
Low
Medium
High
Critical

May 26, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.