First published: Thu Jan 16 2020(Updated: )
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026) It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/thunderbird | <1:68.4.1+build1-0ubuntu0.19.10.1 | 1:68.4.1+build1-0ubuntu0.19.10.1 |
=19.10 | ||
All of | ||
ubuntu/thunderbird | <1:68.4.1+build1-0ubuntu0.18.04.1 | 1:68.4.1+build1-0ubuntu0.18.04.1 |
=18.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The vulnerability ID for this Thunderbird vulnerability is CVE-2019-11745, CVE-2019-17005, and CVE-2019-17008.
This vulnerability can be exploited by tricking a user into opening a specially crafted website in a browsing context.
The potential impacts of this vulnerability include denial of service, cross-site scripting (XSS) attacks, and execution of arbitrary code.
Versions 68.4.1+build1-0ubuntu0.19.10.1 and 68.4.1+build1-0ubuntu0.18.04.1 of Thunderbird are affected.
To fix this vulnerability, update Thunderbird to version 1:68.4.1+build1-0ubuntu0.19.10.1 if you are using Ubuntu 19.10, or update to version 1:68.4.1+build1-0ubuntu0.18.04.1 if you are using Ubuntu 18.04.