[USN-4647-1] Thunderbird vulnerabilities
chris.coulson at canonical.com
Wed Nov 25 22:42:24 UTC 2020
Ubuntu Security Notice USN-4647-1
November 25, 2020
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
Several security issues were fixed in Thunderbird.
- thunderbird: Mozilla Open Source mail and newsgroup client
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information across origins, bypass security restrictions,
conduct phishing attacks, conduct cross-site scripting (XSS) attacks,
bypass Content Security Policy (CSP) restrictions, conduct DNS rebinding
attacks, or execute arbitrary code.
The problem can be corrected by updating your system to the following
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
CVE-2020-15683, CVE-2020-15969, CVE-2020-16012, CVE-2020-26950,
CVE-2020-26951, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958,
CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965,
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the ubuntu-security-announce