Multiple security issues were discovered in Thunderbird, including a bug in the popup notification delay calculation that could have enabled an attacker to trick a user into granting permissions (CVE-2023-4047), and an out-of-bounds read that could have led to an exploitable crash when parsing HTML with DOMParser in low-memory situations (CVE-2023-4048). These bugs are simple to exploit and threaten impacted systems' confidentiality, integrity, and availability. As a result, they have received a National Vulnerability Database severity rating of “High”.

These issues could result in denial of service (DoS) attacks or the execution of arbitrary code.

A Thunderbird security update has been released that mitigates these severe flaws. We strongly recommend that all impacted users apply the updates issued by Debian, Debian LTS, RedHat, Rocky Linux, SciLinux, Slackware and Ubuntu now to protect against attacks leading to potential system downtime and compromise.

To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.

Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).