Several security issues were fixed in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Junsung Lee discovered that Thunderbird did not properly validate the text
direction override unicode character in filenames. An attacker could
potentially exploits this issue by spoofing file extension while attaching
a file in emails. (CVE-2023-3417)
Max Vlasov discovered that Thunderbird Offscreen Canvas did not properly
track cross-origin tainting. An attacker could potentially exploit this
issue to access image data from another site in violation of same-origin
policy. (CVE-2023-4045)
Alexander Guryanov discovered that Thunderbird did not properly update the
value of a global variable in WASM JIT analysis in some circumstances. An
attacker could potentially exploit this issue to cause a denial of service.
(CVE-2023-4046)
Mark Brand discovered that Thunderbird did not properly validate the size
of an untrusted input stream. An atta...
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: thunderbird 1:102.15.0+build1-0ubuntu0.23.04.1 Ubuntu 22.04 LTS: thunderbird 1:102.15.0+build1-0ubuntu0.22.04.1 Ubuntu 20.04 LTS: thunderbird 1:102.15.0+build1-0ubuntu0.20.04.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6333-1
CVE-2023-3417, CVE-2023-4045, CVE-2023-4046, CVE-2023-4047,
CVE-2023-4048, CVE-2023-4049, CVE-2023-4050, CVE-2023-4055,
CVE-2023-4056
Get the latest Linux and open source security news straight to your inbox.