thunderbird vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary
Several security issues were fixed in Thunderbird.
Software Description
- thunderbird - Mozilla Open Source mail and newsgroup client
Details
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin protections, or execute arbitrary code. (CVE-2019-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-9797, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820)
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2019-5798, CVE-2019-7317)
A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website in a browsing context after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816)
It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to a bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 19.04
- thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
- Ubuntu 18.10
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
- Ubuntu 18.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Thunderbird to make all the necessary changes.
References
- CVE-2018-18511
- CVE-2019-11691
- CVE-2019-11692
- CVE-2019-11693
- CVE-2019-11698
- CVE-2019-5798
- CVE-2019-7317
- CVE-2019-9797
- CVE-2019-9800
- CVE-2019-9816
- CVE-2019-9817
- CVE-2019-9819
- CVE-2019-9820
from Ubuntu Security Notices http://bit.ly/2VSf0kw
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.