1. Home
  2. Security Advisories
  3. Gentoo
  4. GLSA-202012-04

[GLSA-202012-04] Mozilla Thunderbird: Multiple vulnerabilities

Severity Normal
Affected Packages 2
Unaffected Packages 2
CVEs 13
Info Packages References Vulnerabilities

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code.

Background
Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.

Description
Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the referenced Mozilla Foundation Security Advisories and
CVE identifiers below for details.

Impact
Please review the referenced CVE identifiers for details.

Workaround
There is no known workaround at this time.

Resolution
All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-78.5.1"

All Mozilla Thunderbird binary users should upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose
">=mail-client/thunderbird-bin-78.5.1"

Package Affected Version
pkg:ebuild/mail-client/thunderbird?distro=gentoo < 78.5.1
pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo < 78.5.1
Package Unaffected Version
pkg:ebuild/mail-client/thunderbird?distro=gentoo >= 78.5.1
pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo >= 78.5.1
ID
GLSA-202012-04
Severity
normal
URL
https://security.gentoo.org/glsa/202012-04
Published
2020-12-07T00:00:00
(3 years ago)
Modified
2020-12-07T00:00:00
(3 years ago)
Rights
Gentoo Foundation, Inc.
Other Advisories
Source # ID Name URL
Vendor Mozilla Foundation Security Advisory 2020-52 https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/
CVE CVE-2020-26970 Mozilla Foundation Security Advisory 2020-53 https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970
CVE CVE-2020-15999 CVE-2020-15999 https://nvd.nist.gov/vuln/detail/CVE-2020-15999
CVE CVE-2020-16012 CVE-2020-16012 https://nvd.nist.gov/vuln/detail/CVE-2020-16012
CVE CVE-2020-26951 CVE-2020-26951 https://nvd.nist.gov/vuln/detail/CVE-2020-26951
CVE CVE-2020-26953 CVE-2020-26953 https://nvd.nist.gov/vuln/detail/CVE-2020-26953
CVE CVE-2020-26956 CVE-2020-26956 https://nvd.nist.gov/vuln/detail/CVE-2020-26956
CVE CVE-2020-26958 CVE-2020-26958 https://nvd.nist.gov/vuln/detail/CVE-2020-26958
CVE CVE-2020-26959 CVE-2020-26959 https://nvd.nist.gov/vuln/detail/CVE-2020-26959
CVE CVE-2020-26960 CVE-2020-26960 https://nvd.nist.gov/vuln/detail/CVE-2020-26960
CVE CVE-2020-26961 CVE-2020-26961 https://nvd.nist.gov/vuln/detail/CVE-2020-26961
CVE CVE-2020-26965 CVE-2020-26965 https://nvd.nist.gov/vuln/detail/CVE-2020-26965
CVE CVE-2020-26968 CVE-2020-26968 https://nvd.nist.gov/vuln/detail/CVE-2020-26968
CVE CVE-2020-26970 CVE-2020-26970 https://nvd.nist.gov/vuln/detail/CVE-2020-26970
Bugzilla 758857 Bugzilla #758857 https://bugs.gentoo.org/show_bug.cgi?id=758857
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:ebuild/mail-client/thunderbird?distro=gentoo mail-client thunderbird < 78.5.1 gentoo
Unaffected pkg:ebuild/mail-client/thunderbird?distro=gentoo mail-client thunderbird >= 78.5.1 gentoo
Affected pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo mail-client thunderbird-bin < 78.5.1 gentoo
Unaffected pkg:ebuild/mail-client/thunderbird-bin?distro=gentoo mail-client thunderbird-bin >= 78.5.1 gentoo
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date