Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 23.04: USN-6333-1 Critical: Multiple Thunderbird Exploits

ubuntu
Calendar Grey September 4, 2023
Dist Ubuntu Esm H88
Several vulnerabilities in Thunderbird on Ubuntu have been resolved, improving email security. Users are urged to update.
Several security issues were fixed in Thunderbird.

Summary

Several security issues were fixed in Thunderbird.

Software Description:

- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Junsung Lee discovered that Thunderbird did not properly validate the text

direction override unicode character in filenames. An attacker could

potentially exploits this issue by spoofing file extension while attaching

a file in emails. (CVE-2023-3417)

Max Vlasov discovered that Thunderbird Offscreen Canvas did not properly

track cross-origin tainting. An attacker could potentially exploit this

issue to access image data from another site in violation of same-origin

policy. (CVE-2023-4045)

Alexander Guryanov discovered that Thunderbird did not properly update the

value of a global variable in WASM JIT analysis in some circumstances. An

attacker could potentially exploit this issue to cause a denial of service.

(CVE-2023-4046)

Mark Brand discovered that Thunderbird did not properly validate the size

of an untrusted input stream. An atta...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  thunderbird                     1:102.15.0+build1-0ubuntu0.23.04.1

Ubuntu 22.04 LTS:
  thunderbird                     1:102.15.0+build1-0ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  thunderbird                     1:102.15.0+build1-0ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6333-1

CVE-2023-3417, CVE-2023-4045, CVE-2023-4046, CVE-2023-4047,

CVE-2023-4048, CVE-2023-4049, CVE-2023-4050, CVE-2023-4055,

CVE-2023-4056

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6333-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here