Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202003-10 ] Mozilla Thunderbird: Multiple vulnerabilities
Date: Sat, 14 Mar 2020 16:04:22
Message-Id: bd31e066-4efc-db75-d117-8fa29a1a46f0@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202003-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Mozilla Thunderbird: Multiple vulnerabilities
     Date: March 14, 2020
     Bugs: #698516, #702638, #709350, #712518
       ID: 202003-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Thunderbird, the
worst of which could result in the arbitrary execution of code.

Background
==========

Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /          Unaffected
    -------------------------------------------------------------------
  1  mail-client/thunderbird         < 68.6.0                >= 68.6.0
  2  mail-client/thunderbird-bin     < 68.6.0                >= 68.6.0
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker may be able to execute arbitrary code, cause a Denial
of Service condition, obtain sensitive information, or conduct
Cross-Site Request Forgery (CSRF).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-68.6.0"

All Mozilla Thunderbird binary users should upgrade to the latest
version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-68.6.0"
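
To confirm whether a host still needs the upgrade, the following added example (not part of the advisory, and not Gentoo's own tooling) compares installed Thunderbird versions against the fixed version 68.6.0 from the table above. It assumes Portage's default installed-package database at /var/db/pkg and a `sort` that supports `-V`; the function names and the PKGDB variable are hypothetical.

```shell
#!/bin/sh
# Added example, not part of GLSA 202003-10: report installed Thunderbird
# packages that are older than the fixed version the advisory names.
FIXED="68.6.0"

# version_status VERSION -> prints vulnerable | unaffected | unknown
version_status() {
    v=${1%-r[0-9]*}                 # drop a Gentoo revision suffix (-r1)
    case $v in
        ''|*[!0-9.]*) echo unknown; return 0 ;;  # _beta, _p...: review by hand
    esac
    if [ "$v" = "$FIXED" ]; then echo unaffected; return 0; fi
    # sort -V orders 68.10.0 after 68.6.0, which a plain string compare gets wrong
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED" | sort -V | head -n 1)
    if [ "$lowest" = "$v" ]; then echo vulnerable; else echo unaffected; fi
}

# scan_pkgdb DIR -> "category/package version status" per installed package
scan_pkgdb() {
    for d in "$1"/mail-client/thunderbird-[0-9]* \
             "$1"/mail-client/thunderbird-bin-[0-9]*; do
        [ -d "$d" ] || continue     # unmatched glob: package not installed
        pv=${d##*/}
        case $pv in
            thunderbird-bin-*) pn=thunderbird-bin ;;
            *)                 pn=thunderbird ;;
        esac
        ver=${pv#"$pn"-}
        echo "mail-client/$pn $ver $(version_status "$ver")"
    done
}

# make_sample_pkgdb -> path of a constructed package database for a dry run
make_sample_pkgdb() {
    t=$(mktemp -d)
    mkdir -p "$t/mail-client/thunderbird-68.5.0-r1" \
             "$t/mail-client/thunderbird-bin-68.6.0"
    echo "$t"
}

# Assumption: installed packages are recorded under /var/db/pkg (Portage's
# default); set PKGDB to scan another root, e.g. a mounted image.
scan_pkgdb "${PKGDB:-/var/db/pkg}"
```

Any line ending in "vulnerable" marks a package that the matching emerge command above should upgrade; "unknown" means the version carries a suffix this check does not interpret.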

References
==========

[ 1 ] MFSA-2019-35
      https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/
[ 2 ] MFSA-2019-37
      https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/
[ 3 ] MFSA-2020-07
      https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/
[ 4 ] MFSA-2020-10
      https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/
[ 5 ] CVE-2019-11745
      https://nvd.nist.gov/vuln/detail/CVE-2019-11745
[ 6 ] CVE-2019-11757
      https://nvd.nist.gov/vuln/detail/CVE-2019-11757
[ 7 ] CVE-2019-11759
      https://nvd.nist.gov/vuln/detail/CVE-2019-11759
[ 8 ] CVE-2019-11760
      https://nvd.nist.gov/vuln/detail/CVE-2019-11760
[ 9 ] CVE-2019-11761
      https://nvd.nist.gov/vuln/detail/CVE-2019-11761
[ 10 ] CVE-2019-11762
       https://nvd.nist.gov/vuln/detail/CVE-2019-11762
[ 11 ] CVE-2019-11763
       https://nvd.nist.gov/vuln/detail/CVE-2019-11763
[ 12 ] CVE-2019-11764
       https://nvd.nist.gov/vuln/detail/CVE-2019-11764
[ 13 ] CVE-2019-17005
       https://nvd.nist.gov/vuln/detail/CVE-2019-17005
[ 14 ] CVE-2019-17008
       https://nvd.nist.gov/vuln/detail/CVE-2019-17008
[ 15 ] CVE-2019-17010
       https://nvd.nist.gov/vuln/detail/CVE-2019-17010
[ 16 ] CVE-2019-17011
       https://nvd.nist.gov/vuln/detail/CVE-2019-17011
[ 17 ] CVE-2019-17012
       https://nvd.nist.gov/vuln/detail/CVE-2019-17012
[ 18 ] CVE-2019-20503
       https://nvd.nist.gov/vuln/detail/CVE-2019-20503
[ 19 ] CVE-2020-6792
       https://nvd.nist.gov/vuln/detail/CVE-2020-6792
[ 20 ] CVE-2020-6793
       https://nvd.nist.gov/vuln/detail/CVE-2020-6793
[ 21 ] CVE-2020-6794
       https://nvd.nist.gov/vuln/detail/CVE-2020-6794
[ 22 ] CVE-2020-6795
       https://nvd.nist.gov/vuln/detail/CVE-2020-6795
[ 23 ] CVE-2020-6798
       https://nvd.nist.gov/vuln/detail/CVE-2020-6798
[ 24 ] CVE-2020-6800
       https://nvd.nist.gov/vuln/detail/CVE-2020-6800
[ 25 ] CVE-2020-6805
       https://nvd.nist.gov/vuln/detail/CVE-2020-6805
[ 26 ] CVE-2020-6806
       https://nvd.nist.gov/vuln/detail/CVE-2020-6806
[ 27 ] CVE-2020-6807
       https://nvd.nist.gov/vuln/detail/CVE-2020-6807
[ 28 ] CVE-2020-6811
       https://nvd.nist.gov/vuln/detail/CVE-2020-6811
[ 29 ] CVE-2020-6812
       https://nvd.nist.gov/vuln/detail/CVE-2020-6812
[ 30 ] CVE-2020-6814
       https://nvd.nist.gov/vuln/detail/CVE-2020-6814

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202003-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
