Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in Thunderbird
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in Thunderbird
ID: USN-7193-1
Distribution: Ubuntu
Plattformen: Ubuntu 20.04 LTS, Ubuntu 22.04 LTS
Datum: Do, 9. Januar 2025, 16:14
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11694
Applikationen: Mozilla Thunderbird

Originalnachricht


--===============5838636049022595868==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="godf2bol5257g2ss"
Content-Disposition: inline


--godf2bol5257g2ss
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-7193-1
January 09, 2025

thunderbird vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Thunderbird could be made to bypass security restrictions.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Masato Kinugawa discovered that Thunderbird did not properly validate the
CSP policy in the Web Compatibility extension. An attacker could
potentially exploit this issue to perform a cross-site scripting attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
thunderbird 1:115.18.0+build1-0ubuntu0.22.04.1

Ubuntu 20.04 LTS
thunderbird 1:115.18.0+build1-0ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7193-1
CVE-2024-11694

Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/1:115.18.0+build1-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/thunderbird/1:115.18.0+build1-0ubuntu0.20.04.1

--godf2bol5257g2ss
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQGzBAABCgAdFiEEs16801xnF7wK3rCK7Ic6ztRocjwFAmd/c5gACgkQ7Ic6ztRo
cjyxJwwAiLd9QQpJbaQuLLhPuTVbsA1qqXjitMsBLtVHZrtpzlfTXElX24SzPYy6
Ye4enuFJgzsOkHSRIDCxBLDPzMu+gckEVT0JdrHtP5brqoZTabmO1ynafD7gXPEh
jsmQDYkHK8azT3kyFH0kKGJ7K7H9fpBoDtPCWbKFN9Zk5W8s5rUe96Ko8jM6NuUZ
3jXgpS4+FOzeWK28uaGk+CXIp6OMVLcQN3LOf4brUKz5VkpOZaJBaVRgn3FXCNhM
eqZh3iPtMXiiT0MtlUlWDzlwJnvrR+mUnxR/+jOCihHWYawT9jKFlXTBV8WvROv1
Nn4Af4PS4ksUFk4VQYEGWjYMHE3PrPrzweQNxJ5Tu7foBYn+tOFbcCS03rNcW4L8
3kzOGNP9UQfnzZ+UVhqq+SdbwY4WFedmDE8AdTgzFA+o/MJKCqxDyXsnJ9B0Krwb
CBQo0H5mqIsvEJAc/gjIXa4npDhk0s7ua5g1e2p+r6yM5QxWo+/bnua/MfGbfDTg
eCg5C762
=pu/5
-----END PGP SIGNATURE-----

--godf2bol5257g2ss--


--===============5838636049022595868==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline


--===============5838636049022595868==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung