
Security: Multiple issues in Thunderbird
Name: Multiple issues in Thunderbird
ID: USN-5435-1
Distribution: Ubuntu
Platforms: Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 21.10, Ubuntu 22.04 LTS
Date: Mon, May 23, 2022, 22:27
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29909
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-19916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29911
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29912
Applications: Mozilla Thunderbird

Original message

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============4560949003808782383==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------MYqeCy0L92M960UgLWEi0yIo"

--------------MYqeCy0L92M960UgLWEi0yIo
Content-Type: multipart/mixed;
boundary="------------G5kl1ps71osTU6WLFR1tIXLZ";
protected-headers="v1"
From: Chris Coulson <chris.coulson@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <48383b8a-0a8e-5f3e-58a0-5ecf114d0578@canonical.com>
Subject: [USN-5435-1] Thunderbird vulnerabilities

--------------G5kl1ps71osTU6WLFR1tIXLZ
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-5435-1
May 23, 2022

thunderbird vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
bypass permission prompts, obtain sensitive information, bypass security
restrictions, cause user confusion, or execute arbitrary code.
(CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913,
CVE-2022-29914, CVE-2022-29916, CVE-2022-29917)

It was discovered that Thunderbird would show the wrong security status
after viewing an attached message that is signed or encrypted. An attacker
could potentially exploit this by tricking the user into trusting the
authenticity of a message. (CVE-2022-1520)

It was discovered that the methods of an Array object could be corrupted
as a result of prototype pollution by sending a message to the parent
process. If a user were tricked into opening a specially crafted website
in a browsing context, an attacker could exploit this to execute
JavaScript in a privileged context. (CVE-2022-1529, CVE-2022-1802)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
thunderbird 1:91.9.1+build1-0ubuntu0.22.04.1

Ubuntu 21.10:
thunderbird 1:91.9.1+build1-0ubuntu0.21.10.1

Ubuntu 20.04 LTS:
thunderbird 1:91.9.1+build1-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
thunderbird 1:91.9.1+build1-0ubuntu0.18.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5435-1
CVE-2022-1520, CVE-2022-1529, CVE-2022-1802, CVE-2022-19916,
CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913,
CVE-2022-29914, CVE-2022-29917

Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/1:91.9.1+build1-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/thunderbird/1:91.9.1+build1-0ubuntu0.21.10.1
https://launchpad.net/ubuntu/+source/thunderbird/1:91.9.1+build1-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/thunderbird/1:91.9.1+build1-0ubuntu0.18.04.1

--------------G5kl1ps71osTU6WLFR1tIXLZ--

--------------MYqeCy0L92M960UgLWEi0yIo
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"


--------------MYqeCy0L92M960UgLWEi0yIo--

--===============4560949003808782383==--
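
A check for the fixed package versions listed in the update instructions above, as an added example that is not part of the original notice or of Ubuntu's tooling. It reimplements the Debian version ordering (epoch, upstream version, revision, with `~` sorting before everything) so it runs offline; on a real system `dpkg --compare-versions` performs the same comparison. The names `version_key`, `is_patched` and the sample inventory are hypothetical.

```python
import re

# Fixed package versions copied from the update instructions in USN-5435-1.
FIXED = {
    "22.04": "1:91.9.1+build1-0ubuntu0.22.04.1",
    "21.10": "1:91.9.1+build1-0ubuntu0.21.10.1",
    "20.04": "1:91.9.1+build1-0ubuntu0.20.04.1",
    "18.04": "1:91.9.1+build1-0ubuntu0.18.04.1",
}

def _order(ch):
    # Debian ordering inside non-digit runs: '~' < end of string < letters < others.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _part_key(part):
    # Split into alternating (non-digit run, digit run) pairs and make each comparable.
    return [([_order(c) for c in text] + [0], int(num or 0))
            for text, num in re.findall(r"(\D*)(\d*)", part)]

def version_key(version):
    """Sort key following the Debian epoch:upstream-revision ordering."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"  # a missing revision compares equal to "0"
    return (int(epoch), _part_key(upstream), _part_key(revision))

def is_patched(release, installed):
    """True if the installed thunderbird version is at or above the USN fix."""
    return version_key(installed) >= version_key(FIXED[release])

if __name__ == "__main__":
    # Constructed sample inventory (host, release, installed version); not from the advisory.
    inventory = [
        ("mail-01", "22.04", "1:91.9.1+build1-0ubuntu0.22.04.1"),
        ("mail-02", "20.04", "1:91.8.1+build1-0ubuntu0.20.04.1"),
        ("mail-03", "18.04", "1:91.9.1~rc1-0ubuntu0.18.04.1"),
    ]
    for host, release, version in inventory:
        state = "patched" if is_patched(release, version) else "NEEDS UPDATE"
        print(f"{host}: thunderbird {version} on Ubuntu {release}: {state}")
```

The installed version string can be read with `dpkg-query -W -f='${Version}' thunderbird`; Thunderbird still has to be restarted after the update, as the notice states.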