• Thunderbird vulnerabilities

  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, November 26, 2019 20:10:02
    thunderbird vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS

    Summary

    Several security issues were fixed in Thunderbird.

    Software Description

    * thunderbird - Mozilla Open Source mail and newsgroup client

    Details

    It was discovered that a specially crafted S/MIME message with an
    inner encryption layer could be displayed as having a valid
    signature in some circumstances, even if the signer had no access
    to the encrypted message. An attacker could potentially exploit
    this to spoof the message author. (CVE-2019-11755)

    Multiple security issues were discovered in Thunderbird. If a user
    were tricked into opening a specially crafted website in a
    browsing context, an attacker could potentially exploit these to
    cause a denial of service, bypass security restrictions, bypass
    same-origin restrictions, conduct cross-site scripting (XSS)
    attacks, or execute arbitrary code. (CVE-2019-11757,
    CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761,
    CVE-2019-11762, CVE-2019-11763, CVE-2019-11764)

    A heap overflow was discovered in the expat library in
    Thunderbird. If a user were tricked into opening a specially
    crafted message, an attacker could potentially exploit this to
    cause a denial of service, or execute arbitrary code.
    (CVE-2019-15903)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    thunderbird - 1:68.2.1+build1-0ubuntu0.19.10.1

    Ubuntu 18.04 LTS
    thunderbird - 1:68.2.1+build1-0ubuntu0.18.04.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to restart Thunderbird to
    make all the necessary changes.

    References

    * CVE-2019-11755
    * CVE-2019-11757
    * CVE-2019-11758
    * CVE-2019-11759
    * CVE-2019-11760
    * CVE-2019-11761
    * CVE-2019-11762
    * CVE-2019-11763
    * CVE-2019-11764
    * CVE-2019-15903

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Thursday, January 16, 2020 16:10:07
    thunderbird vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS

    Summary

    Several security issues were fixed in Thunderbird.

    Software Description

    * thunderbird - Mozilla Open Source mail and newsgroup client

    Details

    Multiple security issues were discovered in Thunderbird. If a user
    were tricked into opening a specially crafted website in a
    browsing context, an attacker could potentially exploit these to
    cause a denial of service, conduct cross-site scripting (XSS)
    attacks, or execute arbitrary code. (CVE-2019-17005,
    CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012,
    CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024,
    CVE-2019-17026)

    It was discovered that NSS incorrectly handled certain memory
    operations. A remote attacker could potentially exploit this to
    cause a denial of service, or execute arbitrary code.
    (CVE-2019-11745)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    thunderbird - 1:68.4.1+build1-0ubuntu0.19.10.1

    Ubuntu 18.04 LTS
    thunderbird - 1:68.4.1+build1-0ubuntu0.18.04.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to restart Thunderbird to
    make all the necessary changes.

    References

    * CVE-2019-11745
    * CVE-2019-17005
    * CVE-2019-17008
    * CVE-2019-17010
    * CVE-2019-17011
    * CVE-2019-17012
    * CVE-2019-17016
    * CVE-2019-17017
    * CVE-2019-17022
    * CVE-2019-17024
    * CVE-2019-17026

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, July 08, 2020 16:10:02
    thunderbird vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in Thunderbird.

    Software Description

    * thunderbird - Mozilla Open Source mail and newsgroup client

    Details

    Multiple security issues were discovered in Thunderbird. If a user
    were tricked into opening a specially crafted website in a
    browsing context, an attacker could potentially exploit these to
    cause a denial of service, obtain sensitive information, or
    execute arbitrary code. (CVE-2020-12405, CVE-2020-12406,
    CVE-2020-12410, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419,
    CVE-2020-12420)

    It was discovered that Thunderbird would continue an unencrypted
    connection when configured to use STARTTLS for IMAP if the server
    responded with PREAUTH. A remote attacker could potentially
    exploit this to perform a person-in-the-middle attack in order to
    obtain sensitive information. (CVE-2020-12398)

    It was discovered that NSS showed timing differences when
    performing DSA signatures. An attacker could potentially exploit
    this to obtain private keys using a timing attack.
    (CVE-2020-12399)

    It was discovered that when performing add-on updates, certificate
    chains not terminating with built-in roots were silently rejected.
    This could result in add-ons becoming outdated. (CVE-2020-12421)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    thunderbird - 1:68.10.0+build1-0ubuntu0.20.04.1

    Ubuntu 19.10
    thunderbird - 1:68.10.0+build1-0ubuntu0.19.10.1

    Ubuntu 18.04 LTS
    thunderbird - 1:68.10.0+build1-0ubuntu0.18.04.1

    Ubuntu 16.04 LTS
    thunderbird - 1:68.10.0+build1-0ubuntu0.16.04.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to restart Thunderbird to
    make all the necessary changes.

    References

    * CVE-2020-12398
    * CVE-2020-12399
    * CVE-2020-12405
    * CVE-2020-12406
    * CVE-2020-12410
    * CVE-2020-12417
    * CVE-2020-12418
    * CVE-2020-12419
    * CVE-2020-12420
    * CVE-2020-12421

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
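
Added example (not Thunderbird's code and not part of the notice): a model of the client-side greeting check behind CVE-2020-12398, with the behaviour the notice describes beside a strict version. The function names, the return values and the sample greetings are assumptions constructed for illustration; the strict check goes one step beyond the notice by also refusing a greeting whose capability list omits STARTTLS.

```python
import re

# An IMAP server greeting is "* OK", "* PREAUTH" or "* BYE", optionally
# followed by a [CAPABILITY ...] response code.
GREETING = re.compile(rb"^\* (OK|PREAUTH|BYE)\b(?: \[CAPABILITY ([^\]]*)\])?", re.I)

def flawed_next_step(greeting, require_starttls):
    """Model of the flaw: PREAUTH skips the upgrade and stays in cleartext."""
    m = GREETING.match(greeting)
    if not m or m.group(1).upper() == b"BYE":
        return "ABORT"
    if m.group(1).upper() == b"PREAUTH":
        return "PROCEED"  # the STARTTLS requirement is silently dropped
    return "STARTTLS" if require_starttls else "PROCEED"

def strict_next_step(greeting, require_starttls, on_tls=False):
    """Return 'STARTTLS', 'PROCEED' or 'ABORT' for the first server line."""
    m = GREETING.match(greeting)
    if not m or m.group(1).upper() == b"BYE":
        return "ABORT"
    if on_tls or not require_starttls:
        return "PROCEED"  # implicit TLS, or the user accepted cleartext
    if m.group(1).upper() == b"PREAUTH":
        # PREAUTH puts the session in the authenticated state, where
        # STARTTLS can no longer be issued, so the only safe move is to stop.
        return "ABORT"
    caps = m.group(2)
    if caps is not None and b"STARTTLS" not in caps.upper().split():
        return "ABORT"  # upgrade is not offered; never fall back to cleartext
    # No capability list in the greeting: attempt STARTTLS and abort on refusal.
    return "STARTTLS"

# Constructed sample greetings.
PREAUTH = b"* PREAUTH [CAPABILITY IMAP4rev1] logged in\r\n"
OK_TLS = b"* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready\r\n"
OK_STRIPPED = b"* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready\r\n"
```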