CWE
79
Advisory Published

USN-3278-1: Thunderbird vulnerabilities

First published: Tue May 16 2017(Updated: )

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5436, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5461, CVE-2017-5467) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to spoof the addressbar contents, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2016-10197) A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462)

Affected SoftwareAffected VersionHow to fix
All of
ubuntu/thunderbird<1:52.1.1+build1-0ubuntu0.17.04.1
1:52.1.1+build1-0ubuntu0.17.04.1
Ubuntu gir1.2-packagekitglib-1.0=17.04
All of
ubuntu/thunderbird<1:52.1.1+build1-0ubuntu0.16.10.1
1:52.1.1+build1-0ubuntu0.16.10.1
Ubuntu gir1.2-packagekitglib-1.0=16.10
All of
ubuntu/thunderbird<1:52.1.1+build1-0ubuntu0.16.04.1
1:52.1.1+build1-0ubuntu0.16.04.1
Ubuntu gir1.2-packagekitglib-1.0=16.04
All of
ubuntu/thunderbird<1:52.1.1+build1-0ubuntu0.14.04.1
1:52.1.1+build1-0ubuntu0.14.04.1
Ubuntu gir1.2-packagekitglib-1.0=14.04

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

  • What is the severity of USN-3278-1?

    USN-3278-1 has multiple security issues that can lead to denial of service or arbitrary code execution.

  • How do I fix USN-3278-1?

    To fix USN-3278-1, update Thunderbird to the recommended versions provided for your Ubuntu release.

  • Which versions of Thunderbird are affected by USN-3278-1?

    Versions of Thunderbird prior to 1:52.1.1+build1-0ubuntu0.17.04.1 are affected by USN-3278-1.

  • What types of vulnerabilities are associated with USN-3278-1?

    USN-3278-1 includes vulnerabilities that allow reading uninitialized memory and potential application crashes.

  • What platforms are impacted by USN-3278-1?

    USN-3278-1 impacts Ubuntu versions 14.04, 16.04, 16.10, and 17.04.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203