[GLSA-201803-14] Mozilla Thunderbird: Multiple vulnerabilities
Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code.
Background
Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.
Description
Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the referenced Mozilla Foundation Security Advisories and
CVE identifiers below for details.
Impact
A remote attacker may be able to execute arbitrary code, cause a Denial
of Service condition, obtain sensitive information, conduct URL
hijacking, or conduct cross-site scripting (XSS).
Workaround
There is no known workaround at this time.
Resolution
All Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-52.6.0"
All Thunderbird binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=mail-client/thunderbird-bin-52.6.0"
Package | Affected Version |
---|---|
pkg:ebuild/mail-client/thunderbird?distro=gentoo | < 52.6.0 |
pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo | < 52.6.0 |
Package | Unaffected Version |
---|---|
pkg:ebuild/mail-client/thunderbird?distro=gentoo | >= 52.6.0 |
pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo | >= 52.6.0 |
- ID
- GLSA-201803-14
- Severity
- normal
- URL
- https://security.gentoo.org/glsa/201803-14
- Published
-
2018-03-28T00:00:00
(6 years ago) - Modified
-
2018-03-28T00:00:00
(6 years ago) - Rights
- Gentoo Foundation, Inc.
- Other Advisories
-
- ALAS-2017-911
- ALPINE:CVE-2018-5089
- ALPINE:CVE-2018-5095
- ALPINE:CVE-2018-5096
- ALPINE:CVE-2018-5097
- ALPINE:CVE-2018-5098
- ALPINE:CVE-2018-5099
- ALPINE:CVE-2018-5102
- ALPINE:CVE-2018-5103
- ALPINE:CVE-2018-5104
- ALPINE:CVE-2018-5117
- ASA-201708-18
- ASA-201708-3
- ASA-201710-19
- ASA-201711-23
- ASA-201711-43
- DSA-3928-1
- DSA-3968-1
- DSA-3987-1
- DSA-3998-1
- DSA-4014-1
- DSA-4035-1
- DSA-4061-1
- DSA-4075-1
- DSA-4096-1
- DSA-4102-1
- ELSA-2017-2456
- ELSA-2017-2534
- ELSA-2017-2831
- ELSA-2017-2832
- ELSA-2017-2885
- ELSA-2017-3247
- ELSA-2017-3372
- ELSA-2018-0061
- ELSA-2018-0122
- ELSA-2018-0262
- FREEBSD:1098A15B-B0F6-42B7-B5C7-8A8646E8BE07
- FREEBSD:5044BD23-08CB-11E8-B08F-00012E582166
- FREEBSD:555B244E-6B20-4546-851F-D8EB7D6C1FFA
- FREEBSD:6A09C80E-6EC7-442A-BC65-D72CE69FD887
- FREEBSD:A891C5B4-3D7A-4DE9-9C71-EEF3FD698C77
- FREEBSD:E71FD9D3-AF47-11E7-A633-009C02A2AB30
- FREEBSD:F78EAC48-C3D1-4666-8DE5-63CEEA25A578
- GLSA-201802-03
- MFSA-2017-18
- MFSA-2017-19
- MFSA-2017-20
- MFSA-2017-21
- MFSA-2017-22
- MFSA-2017-23
- MFSA-2017-24
- MFSA-2017-25
- MFSA-2017-26
- MFSA-2017-30
- MFSA-2018-02
- MFSA-2018-03
- MFSA-2018-04
- openSUSE-SU-2017:2209-1
- openSUSE-SU-2017:2707-1
- openSUSE-SU-2017:2710-1
- openSUSE-SU-2017:3108-1
- openSUSE-SU-2017:3110-1
- openSUSE-SU-2017:3433-1
- openSUSE-SU-2017:3434-1
- openSUSE-SU-2018:0256-1
- openSUSE-SU-2018:0257-1
- RHSA-2017:2456
- RHSA-2017:2534
- RHSA-2017:2831
- RHSA-2017:2832
- RHSA-2017:2885
- RHSA-2017:3247
- RHSA-2017:3372
- RHSA-2018:0061
- RHSA-2018:0122
- RHSA-2018:0262
- SUSE-SU-2017:2302-1
- SUSE-SU-2017:2589-1
- SUSE-SU-2017:2688-1
- SUSE-SU-2017:2872-1
- SUSE-SU-2017:2872-2
- SUSE-SU-2017:3213-1
- SUSE-SU-2017:3233-1
- SUSE-SU-2018:0361-1
- SUSE-SU-2018:0374-1
- USN-3391-1
- USN-3416-1
- USN-3431-1
- USN-3435-1
- USN-3436-1
- USN-3477-1
- USN-3490-1
- USN-3529-1
- USN-3544-1
- USN-3688-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:ebuild/mail-client/thunderbird?distro=gentoo | mail-client | thunderbird | < 52.6.0 | gentoo | ||
Unaffected | pkg:ebuild/mail-client/thunderbird?distro=gentoo | mail-client | thunderbird | >= 52.6.0 | gentoo | ||
Affected | pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo | mail-client | thunderbird-bin | < 52.6.0 | gentoo | ||
Unaffected | pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo | mail-client | thunderbird-bin | >= 52.6.0 | gentoo |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |