exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-5435-1

Ubuntu Security Notice USN-5435-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5435-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass permission prompts, obtain sensitive information, bypass security restrictions, cause user confusion, or execute arbitrary code. It was discovered that Thunderbird would show the wrong security status after viewing an attached message that is signed or encrypted. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-1520, CVE-2022-29909, CVE-2022-29914, CVE-2022-29916
SHA-256 | 237c5eb4eb47add7437e7b310f6d5827e420d60072cbc15d8576433f3ae3affe

Ubuntu Security Notice USN-5435-1

Change Mirror Download
==========================================================================
Ubuntu Security Notice USN-5435-1
May 23, 2022

thunderbird vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
bypass permission prompts, obtain sensitive information, bypass security
restrictions, cause user confusion, or execute arbitrary code.
(CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913,
CVE-2022-29914, CVE-2022-29916, CVE-2022-29917)

It was discovered that Thunderbird would show the wrong security status
after viewing an attached message that is signed or encrypted. An attacker
could potentially exploit this by tricking the user into trusting the
authenticity of a message. (CVE-2022-1520)

It was discovered that the methods of an Array object could be corrupted
as a result of prototype pollution by sending a message to the parent
process. If a user were tricked into opening a specially crafted website
in a browsing context, an attacker could exploit this to execute
JavaScript in a privileged context. (CVE-2022-1529, CVE-2022-1802)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
thunderbird 1:91.9.1+build1-0ubuntu0.22.04.1

Ubuntu 21.10:
thunderbird 1:91.9.1+build1-0ubuntu0.21.10.1

Ubuntu 20.04 LTS:
thunderbird 1:91.9.1+build1-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
thunderbird 1:91.9.1+build1-0ubuntu0.18.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5435-1
CVE-2022-1520, CVE-2022-1529, CVE-2022-1802, CVE-2022-19916,
CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913,
CVE-2022-29914, CVE-2022-29917

Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/1:91.9.1+build1-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/thunderbird/1:91.9.1+build1-0ubuntu0.21.10.1
https://launchpad.net/ubuntu/+source/thunderbird/1:91.9.1+build1-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/thunderbird/1:91.9.1+build1-0ubuntu0.18.04.1
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close