Ubuntu Security Notice 4995-2 - USN-4995-1 fixed vulnerabilities in Thunderbird. This update provides the corresponding updates for Ubuntu 18.04 LTS. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Multiple security issues were discovered in Thunderbird's OpenPGP integration. If a user were tricked into importing a specially crafted key in some circumstances, an attacker could potentially exploit this to cause a denial of service or confuse the user. A use-after-free was discovered when Responsive Design Mode was enabled. If a user were tricked into opening a specially crafted website with Responsive Design Mode enabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Thunderbird mishandled ftp URLs with encoded newline characters. If a user were tricked into clicking on a specially crafted link, an attacker could potentially exploit this to send arbitrary FTP commands. It was discovered that Thunderbird wrote signatures to disk and read them back during verification. A local attacker could potentially exploit this to replace the data with another signature file. It was discovered that Thunderbird might load an alternative OTR library. If a user were tricked into copying a specially crafted library to one of Thunderbird's search paths, an attacker could potentially exploit this to execute arbitrary code. It was discovered that secret keys imported into Thunderbird were stored unencrypted. A local attacker could potentially exploit this to obtain private keys. It was discovered that Thunderbird did not indicate when an inline signed or encrypted message contained additional unprotected parts. Various other issues were also addressed.
81edf153f7a8ff7803ae890c659ea5d9e899b6b778102480a52389ef99c260ee
Ubuntu Security Notice 4995-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Various other issues were also addressed.
4377b3a315af5e52fb39b7a6d25d2f9f0a167af3746b0bb2a7e6f3615807b933
Gentoo Linux Security Advisory 202104-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 88.0 are affected.
5ca81f664f4e17349799dff5ec0303eacf0a8ec7882e1cb1d495ace0532dfaaa
Gentoo Linux Security Advisory 202104-9 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 78.10.0 are affected.
14468afd1abbcf533ea6611cd505e671361f822b331808ff4f16194ccb84f300
Debian Linux Security Advisory 4895-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, privilege escalation or spoofing.
a90591c14b940c58ca0deaa0ce3ecba9d1b79aee98db18f5c67359115f4cc1be
Debian Linux Security Advisory 4897-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. In adddition a number of security issues were addressed in the OpenPGP support.
d046261a5bea547646c1ad71555d4faa8f38e2e133e219e9721c0bfe1ba81218
Red Hat Security Advisory 2021-1363-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.
1f13cac2e9bf55b3d937c02a0f2822cb7a9c8825fa475eb6e47ca9b4a675fbec
Red Hat Security Advisory 2021-1361-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.
06a96adc0cb4686dfca9e0532a5b12b3eaa30ac5119917c747f6e69c8502f147
Red Hat Security Advisory 2021-1360-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.
b3a1dce547d647bb72354e1d6bd119dc0341fe07198dd37451b7ab89ead4a09a
Red Hat Security Advisory 2021-1362-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.
1920fc851fca65a2f7bb1803c762e0d503e1d8f744bd2136d5cf375badca3708
Red Hat Security Advisory 2021-1350-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.
3b714c0d61188b89eb22df6e2ed72e9a299bbb5e5d6a91e9c762d3071f86d9d9
Red Hat Security Advisory 2021-1352-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.
f01e95af13ef5e8ef1f695e64073c2cf1619119c6ea9f99a7d700c9057af96c6
Red Hat Security Advisory 2021-1351-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.
9cb9c1c658e85899c18462a7ae12fcf7560d19e10446376cc29b65337a2b9051
Red Hat Security Advisory 2021-1353-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.
577ff192187d01b6d5999811959645ea5037d51fe42ea70deb2e5e2a1ed836c3
Gentoo Linux Security Advisory 202102-1 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 85.0 are affected.
799862575071b4198c438cdff922fd8f7e7faca175c0f39bab88aa69018dd426