|
|
Subscribe / Log in / New account

Ubuntu alert USN-6903-1 (thunderbird)



From:
              Nishit Majithia <nishit.majithia@canonical.com>


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-6903-1] Thunderbird vulnerabilities


Date:
              Mon, 22 Jul 2024 13:40:53 +0530


Message-ID:
              <20240722081053.34g35whu4z2sem37@machine>


==========================================================================
Ubuntu Security Notice USN-6903-1
July 22, 2024

thunderbird vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-6600, CVE-2024-6601,
CVE-2024-6604)

Ronald Crane discovered that Thunderbird did not properly manage certain
memory operations in the NSS. An attacker could potentially exploit this
issue to cause a denial of service. (CVE-2024-6602)

Irvan Kurniawan discovered that Thunderbird did not properly manage memory
during thread creation. An attacker could potentially exploit this
issue to cause a denial of service, or execute arbitrary code. 
(CVE-2024-6603)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  thunderbird                     1:115.13.0+build5-0ubuntu0.22.04.1

Ubuntu 20.04 LTS
  thunderbird                     1:115.13.0+build5-0ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6903-1
  CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603,
  CVE-2024-6604

Package Information:
  https://launchpad.net/ubuntu/+source/thunderbird/1:115.13...
  https://launchpad.net/ubuntu/+source/thunderbird/1:115.13...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQGzBAABCgAdFiEEs16801xnF7wK3rCK7Ic6ztRocjwFAmaeFAkACgkQ7Ic6ztRo
cjyXKwwAsU21eddpzk2v8MS4klDbTqiE+BsNpEM2S2AKlAqOfpQqldl7ubKzgX/I
7Akh6FwsySfngA89HK1Fj239MBMF7YvzSgykDUWvAMzd7WR2AEi8R19Yf37g/vJJ
40YEzB1+CYohPPcG6VeOUAZ2kAg2EhzZyMcnI8wO+cyDMo9a+08jTBXwWg7Q74ZB
Iq+7Rb3zAGz4ZJA44fvSopLjszGFs3wr45CUaWgADTZ/xcj9cK5KP9Bg3QcwgRYi
YystpON2c57x4UDhl68BqaLizhdOCr5FEomNchPYj0tLYfXGXaLIKEuoTjHer2sR
xYMphktSBR3BzEIn7cSxmFuCn54ILVf0AdT21CS8/2CxeR0io2dbm7IHymPoxJRp
W/WZWGKQMPloBciwSZ8SyTFr7xJRm8z9LCyrnQzwIbOdemt2KIUwfSrDfu89bv8u
oApf0KFWOv1UpYnXsGVlNYr9oB7IuK1JjtSs29qe8GL6brbvXg7AsSlihuB6YEt1
DJ/3+hHe
=xu06
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds