1. Home
  2. Security Advisories
  3. Gentoo
  4. GLSA-201803-14

[GLSA-201803-14] Mozilla Thunderbird: Multiple vulnerabilities

Severity Normal
Affected Packages 2
Unaffected Packages 2
CVEs 40
Info Packages References Vulnerabilities

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code.

Background
Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.

Description
Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the referenced Mozilla Foundation Security Advisories and
CVE identifiers below for details.

Impact
A remote attacker may be able to execute arbitrary code, cause a Denial
of Service condition, obtain sensitive information, conduct URL
hijacking, or conduct cross-site scripting (XSS).

Workaround
There is no known workaround at this time.

Resolution
All Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-52.6.0"

All Thunderbird binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose
">=mail-client/thunderbird-bin-52.6.0"

Package Affected Version
pkg:ebuild/mail-client/thunderbird?distro=gentoo < 52.6.0
pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo < 52.6.0
Package Unaffected Version
pkg:ebuild/mail-client/thunderbird?distro=gentoo >= 52.6.0
pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo >= 52.6.0
ID
GLSA-201803-14
Severity
normal
URL
https://security.gentoo.org/glsa/201803-14
Published
2018-03-28T00:00:00
(6 years ago)
Modified
2018-03-28T00:00:00
(6 years ago)
Rights
Gentoo Foundation, Inc.
Other Advisories
Source # ID Name URL
CVE CVE-2017-7753 CVE-2017-7753 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7753
CVE CVE-2017-7779 CVE-2017-7779 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7779
CVE CVE-2017-7784 CVE-2017-7784 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7784
CVE CVE-2017-7785 CVE-2017-7785 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7785
CVE CVE-2017-7786 CVE-2017-7786 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7786
CVE CVE-2017-7787 CVE-2017-7787 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7787
CVE CVE-2017-7791 CVE-2017-7791 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7791
CVE CVE-2017-7792 CVE-2017-7792 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7792
CVE CVE-2017-7793 CVE-2017-7793 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7793
CVE CVE-2017-7800 CVE-2017-7800 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7800
CVE CVE-2017-7801 CVE-2017-7801 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7801
CVE CVE-2017-7802 CVE-2017-7802 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7802
CVE CVE-2017-7803 CVE-2017-7803 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7803
CVE CVE-2017-7805 CVE-2017-7805 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7805
CVE CVE-2017-7807 CVE-2017-7807 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7807
CVE CVE-2017-7809 CVE-2017-7809 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7809
CVE CVE-2017-7810 CVE-2017-7810 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7810
CVE CVE-2017-7814 CVE-2017-7814 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7814
CVE CVE-2017-7818 CVE-2017-7818 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7818
CVE CVE-2017-7819 CVE-2017-7819 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7819
CVE CVE-2017-7823 CVE-2017-7823 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7823
CVE CVE-2017-7824 CVE-2017-7824 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7824
CVE CVE-2017-7825 CVE-2017-7825 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7825
CVE CVE-2017-7826 CVE-2017-7826 https://nvd.nist.gov/vuln/detail/CVE-2017-7826
CVE CVE-2017-7828 CVE-2017-7828 https://nvd.nist.gov/vuln/detail/CVE-2017-7828
CVE CVE-2017-7829 CVE-2017-7829 https://nvd.nist.gov/vuln/detail/CVE-2017-7829
CVE CVE-2017-7830 CVE-2017-7830 https://nvd.nist.gov/vuln/detail/CVE-2017-7830
CVE CVE-2017-7846 CVE-2017-7846 https://nvd.nist.gov/vuln/detail/CVE-2017-7846
CVE CVE-2017-7847 CVE-2017-7847 https://nvd.nist.gov/vuln/detail/CVE-2017-7847
CVE CVE-2017-7848 CVE-2017-7848 https://nvd.nist.gov/vuln/detail/CVE-2017-7848
CVE CVE-2018-5089 CVE-2018-5089 https://nvd.nist.gov/vuln/detail/CVE-2018-5089
CVE CVE-2018-5095 CVE-2018-5095 https://nvd.nist.gov/vuln/detail/CVE-2018-5095
CVE CVE-2018-5096 CVE-2018-5096 https://nvd.nist.gov/vuln/detail/CVE-2018-5096
CVE CVE-2018-5097 CVE-2018-5097 https://nvd.nist.gov/vuln/detail/CVE-2018-5097
CVE CVE-2018-5098 CVE-2018-5098 https://nvd.nist.gov/vuln/detail/CVE-2018-5098
CVE CVE-2018-5099 CVE-2018-5099 https://nvd.nist.gov/vuln/detail/CVE-2018-5099
CVE CVE-2018-5102 CVE-2018-5102 https://nvd.nist.gov/vuln/detail/CVE-2018-5102
CVE CVE-2018-5103 CVE-2018-5103 https://nvd.nist.gov/vuln/detail/CVE-2018-5103
CVE CVE-2018-5104 CVE-2018-5104 https://nvd.nist.gov/vuln/detail/CVE-2018-5104
CVE CVE-2018-5117 CVE-2018-5117 https://nvd.nist.gov/vuln/detail/CVE-2018-5117
Vendor Mozilla Foundation Security Advisory 2017-20 https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/
Vendor Mozilla Foundation Security Advisory 2017-23 https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/
Vendor Mozilla Foundation Security Advisory 2017-26 https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/
Vendor Mozilla Foundation Security Advisory 2017-30 https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/
Vendor Mozilla Foundation Security Advisory 2018-04 https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/
Bugzilla 627376 Bugzilla #627376 https://bugs.gentoo.org/show_bug.cgi?id=627376
Bugzilla 639048 Bugzilla #639048 https://bugs.gentoo.org/show_bug.cgi?id=639048
Bugzilla 643842 Bugzilla #643842 https://bugs.gentoo.org/show_bug.cgi?id=643842
Bugzilla 645812 Bugzilla #645812 https://bugs.gentoo.org/show_bug.cgi?id=645812
Bugzilla 645820 Bugzilla #645820 https://bugs.gentoo.org/show_bug.cgi?id=645820
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:ebuild/mail-client/thunderbird?distro=gentoo mail-client thunderbird < 52.6.0 gentoo
Unaffected pkg:ebuild/mail-client/thunderbird?distro=gentoo mail-client thunderbird >= 52.6.0 gentoo
Affected pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo mail-client thunderbird-bin < 52.6.0 gentoo
Unaffected pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo mail-client thunderbird-bin >= 52.6.0 gentoo
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date