What is the severity of USN-4421-1?

The severity of USN-4421-1 is high.

How do I fix USN-4421-1?

To fix USN-4421-1, update Thunderbird to version 1:68.10.0+build1-0ubuntu0.20.04.1 for Ubuntu 20.04, 1:68.10.0+build1-0ubuntu0.19.10.1 for Ubuntu 19.10, 1:68.10.0+build1-0ubuntu0.18.04.1 for Ubuntu 18.04, or 1:68.10.0+build1-0ubuntu0.16.04.1 for Ubuntu 16.04.

What are the potential impacts of USN-4421-1?

The potential impacts of USN-4421-1 include denial of service, sensitive information disclosure, and arbitrary code execution.

Where can I find more information about USN-4421-1?

You can find more information about USN-4421-1 at the following references: [1] [2] [3].

Vulnerability/
USN-4421-1

8/7/2020

USN-4421-1: Thunderbird vulnerabilities

First published: Wed Jul 08 2020(Updated: )

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbtirary code. (CVE-2020-12405, CVE-2020-12406, CVE-2020-12410, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420) It was discovered that Thunderbird would continue an unencrypted connection when configured to use STARTTLS for IMAP if the server responded with PREAUTH. A remote attacker could potentially exploit this to perform a person-in-the-middle attack in order to obtain sensitive information. (CVE-2020-12398) It was discovered that NSS showed timing differences when performing DSA signatures. An attacker could potentially exploit this to obtain private keys using a timing attack. (CVE-2020-12399) It was discovered that when performing add-on updates, certificate chains not terminating with built-in roots were silently rejected. This could result in add-ons becoming outdated. (CVE-2020-12421)

Affected Software	Affected Version	How to fix
All of
ubuntu/thunderbird	<1:68.10.0+build1-0ubuntu0.20.04.1	1:68.10.0+build1-0ubuntu0.20.04.1
	=20.04
All of
ubuntu/thunderbird	<1:68.10.0+build1-0ubuntu0.19.10.1	1:68.10.0+build1-0ubuntu0.19.10.1
	=19.10
All of
ubuntu/thunderbird	<1:68.10.0+build1-0ubuntu0.18.04.1	1:68.10.0+build1-0ubuntu0.18.04.1
	=18.04
All of
ubuntu/thunderbird	<1:68.10.0+build1-0ubuntu0.16.04.1	1:68.10.0+build1-0ubuntu0.16.04.1
	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-4421-1?
The severity of USN-4421-1 is high.
How do I fix USN-4421-1?
To fix USN-4421-1, update Thunderbird to version 1:68.10.0+build1-0ubuntu0.20.04.1 for Ubuntu 20.04, 1:68.10.0+build1-0ubuntu0.19.10.1 for Ubuntu 19.10, 1:68.10.0+build1-0ubuntu0.18.04.1 for Ubuntu 18.04, or 1:68.10.0+build1-0ubuntu0.16.04.1 for Ubuntu 16.04.
What are the potential impacts of USN-4421-1?
The potential impacts of USN-4421-1 include denial of service, sensitive information disclosure, and arbitrary code execution.
Where can I find more information about USN-4421-1?
You can find more information about USN-4421-1 at the following references: [1] [2] [3].

agent/severity
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/references
agent/title
agent/tags
agent/description
agent/event
collector/usn
source/Ubuntu
anchor-related/USN-4383-1
anchor-related/USN-4397-2
anchor-related/USN-4397-1
anchor-related/USN-4408-1
agent/software-canonical-lookup
agent/trending
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/20.04
version/ubuntu ubuntu/19.10
version/ubuntu ubuntu/18.04
version/ubuntu ubuntu/16.04