[USN-4701-1] Thunderbird vulnerabilities
Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass the CSS sanitizer, or execute
arbitrary code. (CVE-2020-16042, CVE-2020-16044, CVE-2020-26971,
CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35113)
It was discovered that the proxy.onRequest API did not catch
view-source URLs. If a user were tricked in to installing an
extension with the proxy permission and opening View Source, an
attacker could potentially exploit this to obtain sensitive
information. (CVE-2020-35111)
A stack overflow was discovered due to incorrect parsing of SMTP server
response codes. An attacker could potentially exploit this to execute
arbitrary code. (CVE-2020-26970)
- ID
- USN-4701-1
- Severity
- high
- Severity from
- CVE-2020-16044
- URL
- https://ubuntu.com/security/notices/USN-4701-1
- Published
-
2021-01-20T12:17:37
(3 years ago) - Modified
-
2021-01-20T12:17:37
(3 years ago) - Other Advisories
-
- ALAS2-2021-1586
- ALAS2-2021-1594
- ALPINE:CVE-2020-16042
- ALPINE:CVE-2020-16044
- ALPINE:CVE-2020-26970
- ALPINE:CVE-2020-26971
- ALPINE:CVE-2020-26973
- ALPINE:CVE-2020-26974
- ALPINE:CVE-2020-26978
- ALPINE:CVE-2020-35111
- ALPINE:CVE-2020-35113
- ASA-202012-14
- ASA-202012-23
- ASA-202012-25
- ASA-202101-17
- ASA-202101-5
- ASA-202102-4
- ASA-202102-5
- DSA-4802-1
- DSA-4813-1
- DSA-4815-1
- DSA-4824-1
- DSA-4827-1
- DSA-4842-1
- DSA-4846-1
- ELSA-2020-5398
- ELSA-2020-5400
- ELSA-2020-5618
- ELSA-2020-5624
- ELSA-2021-0052
- ELSA-2021-0053
- ELSA-2021-0087
- ELSA-2021-0089
- FEDORA-2020-5b9c42f1b9
- FEDORA-2020-f43efd09e8
- FEDORA-2021-48866282e5
- FEDORA-2021-b7cc24375b
- FREEBSD:01FFD06A-36ED-11EB-B655-3065EC8FD3EC
- FREEBSD:4ED0E43C-5CEF-11EB-BAFD-3065EC8FD3EC
- GLSA-202012-04
- GLSA-202012-05
- GLSA-202012-20
- GLSA-202101-04
- GLSA-202101-13
- GLSA-202101-14
- MFSA-2020-53
- MFSA-2020-54
- MFSA-2020-55
- MFSA-2020-56
- MFSA-2021-01
- MFSA-2021-02
- MS:CVE-2020-16044
- openSUSE-SU-2020:2181-1
- openSUSE-SU-2020:2213-1
- openSUSE-SU-2020:2216-1
- openSUSE-SU-2020:2229-1
- openSUSE-SU-2020:2317-1
- openSUSE-SU-2020:2318-1
- openSUSE-SU-2020:2324-1
- openSUSE-SU-2020:2325-1
- openSUSE-SU-2020:2359-1
- openSUSE-SU-2020:2360-1
- openSUSE-SU-2021:0056-1
- openSUSE-SU-2021:0063-1
- openSUSE-SU-2021:0093-1
- openSUSE-SU-2021:0127-1
- openSUSE-SU-2021:0166-1
- openSUSE-SU-2021:0173-1
- openSUSE-SU-2021:0177-1
- openSUSE-SU-2021:0186-1
- openSUSE-SU-2021:0973-1
- openSUSE-SU-2021:1016-1
- RHSA-2020:5398
- RHSA-2020:5400
- RHSA-2020:5561
- RHSA-2020:5562
- RHSA-2020:5618
- RHSA-2020:5624
- RHSA-2021:0052
- RHSA-2021:0053
- RHSA-2021:0087
- RHSA-2021:0089
- SUSE-SU-2020:3642-1
- SUSE-SU-2020:3900-1
- SUSE-SU-2020:3901-1
- SUSE-SU-2020:3902-1
- SUSE-SU-2020:3903-1
- SUSE-SU-2020:3935-1
- SUSE-SU-2021:0071-1
- SUSE-SU-2021:0072-1
- SUSE-SU-2021:0080-1
- SUSE-SU-2021:0122-1
- SUSE-SU-2021:0123-1
- USN-4671-1
- USN-4687-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/xul-ext-lightning?distro=groovy | ubuntu | xul-ext-lightning | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/xul-ext-gdata-provider?distro=groovy | ubuntu | xul-ext-gdata-provider | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/xul-ext-calendar-timezones?distro=groovy | ubuntu | xul-ext-calendar-timezones | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird?distro=groovy | ubuntu | thunderbird | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-mozsymbols?distro=groovy | ubuntu | thunderbird-mozsymbols | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-zh-tw?distro=groovy | ubuntu | thunderbird-locale-zh-tw | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-zh-hant?distro=groovy | ubuntu | thunderbird-locale-zh-hant | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-zh-hans?distro=groovy | ubuntu | thunderbird-locale-zh-hans | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-zh-cn?distro=groovy | ubuntu | thunderbird-locale-zh-cn | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-vi?distro=groovy | ubuntu | thunderbird-locale-vi | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-uz?distro=groovy | ubuntu | thunderbird-locale-uz | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-uk?distro=groovy | ubuntu | thunderbird-locale-uk | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-tr?distro=groovy | ubuntu | thunderbird-locale-tr | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-th?distro=groovy | ubuntu | thunderbird-locale-th | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-ta?distro=groovy | ubuntu | thunderbird-locale-ta | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-ta-lk?distro=groovy | ubuntu | thunderbird-locale-ta-lk | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-sv?distro=groovy | ubuntu | thunderbird-locale-sv | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-sv-se?distro=groovy | ubuntu | thunderbird-locale-sv-se | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-sr?distro=groovy | ubuntu | thunderbird-locale-sr | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-sq?distro=groovy | ubuntu | thunderbird-locale-sq | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-sl?distro=groovy | ubuntu | thunderbird-locale-sl | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-sk?distro=groovy | ubuntu | thunderbird-locale-sk | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-si?distro=groovy | ubuntu | thunderbird-locale-si | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-ru?distro=groovy | ubuntu | thunderbird-locale-ru | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-ro?distro=groovy | ubuntu | thunderbird-locale-ro | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-rm?distro=groovy | ubuntu | thunderbird-locale-rm | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-pt?distro=groovy | ubuntu | thunderbird-locale-pt | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-pt-pt?distro=groovy | ubuntu | thunderbird-locale-pt-pt | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-pt-br?distro=groovy | ubuntu | thunderbird-locale-pt-br | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-pl?distro=groovy | ubuntu | thunderbird-locale-pl | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-pa?distro=groovy | ubuntu | thunderbird-locale-pa | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-pa-in?distro=groovy | ubuntu | thunderbird-locale-pa-in | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-nn?distro=groovy | ubuntu | thunderbird-locale-nn | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-nn-no?distro=groovy | ubuntu | thunderbird-locale-nn-no | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-nl?distro=groovy | ubuntu | thunderbird-locale-nl | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-nb?distro=groovy | ubuntu | thunderbird-locale-nb | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-nb-no?distro=groovy | ubuntu | thunderbird-locale-nb-no | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-ms?distro=groovy | ubuntu | thunderbird-locale-ms | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-mk?distro=groovy | ubuntu | thunderbird-locale-mk | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-lt?distro=groovy | ubuntu | thunderbird-locale-lt | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-ko?distro=groovy | ubuntu | thunderbird-locale-ko | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-kk?distro=groovy | ubuntu | thunderbird-locale-kk | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-kab?distro=groovy | ubuntu | thunderbird-locale-kab | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-ka?distro=groovy | ubuntu | thunderbird-locale-ka | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-ja?distro=groovy | ubuntu | thunderbird-locale-ja | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-it?distro=groovy | ubuntu | thunderbird-locale-it | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-is?distro=groovy | ubuntu | thunderbird-locale-is | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-id?distro=groovy | ubuntu | thunderbird-locale-id | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-hy?distro=groovy | ubuntu | thunderbird-locale-hy | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-hu?distro=groovy | ubuntu | thunderbird-locale-hu | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-hsb?distro=groovy | ubuntu | thunderbird-locale-hsb | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-hr?distro=groovy | ubuntu | thunderbird-locale-hr | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-he?distro=groovy | ubuntu | thunderbird-locale-he | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-gl?distro=groovy | ubuntu | thunderbird-locale-gl | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-gd?distro=groovy | ubuntu | thunderbird-locale-gd | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-ga?distro=groovy | ubuntu | thunderbird-locale-ga | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-ga-ie?distro=groovy | ubuntu | thunderbird-locale-ga-ie | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-fy?distro=groovy | ubuntu | thunderbird-locale-fy | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-fy-nl?distro=groovy | ubuntu | thunderbird-locale-fy-nl | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-fr?distro=groovy | ubuntu | thunderbird-locale-fr | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-fi?distro=groovy | ubuntu | thunderbird-locale-fi | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-fa?distro=groovy | ubuntu | thunderbird-locale-fa | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-eu?distro=groovy | ubuntu | thunderbird-locale-eu | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-et?distro=groovy | ubuntu | thunderbird-locale-et | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-es?distro=groovy | ubuntu | thunderbird-locale-es | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-es-es?distro=groovy | ubuntu | thunderbird-locale-es-es | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-es-ar?distro=groovy | ubuntu | thunderbird-locale-es-ar | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-en?distro=groovy | ubuntu | thunderbird-locale-en | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-en-us?distro=groovy | ubuntu | thunderbird-locale-en-us | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-en-gb?distro=groovy | ubuntu | thunderbird-locale-en-gb | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-el?distro=groovy | ubuntu | thunderbird-locale-el | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-dsb?distro=groovy | ubuntu | thunderbird-locale-dsb | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-de?distro=groovy | ubuntu | thunderbird-locale-de | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-da?distro=groovy | ubuntu | thunderbird-locale-da | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-cy?distro=groovy | ubuntu | thunderbird-locale-cy | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-cs?distro=groovy | ubuntu | thunderbird-locale-cs | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-cak?distro=groovy | ubuntu | thunderbird-locale-cak | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-ca?distro=groovy | ubuntu | thunderbird-locale-ca | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-br?distro=groovy | ubuntu | thunderbird-locale-br | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-bn?distro=groovy | ubuntu | thunderbird-locale-bn | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-bn-bd?distro=groovy | ubuntu | thunderbird-locale-bn-bd | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-bg?distro=groovy | ubuntu | thunderbird-locale-bg | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-be?distro=groovy | ubuntu | thunderbird-locale-be | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-ast?distro=groovy | ubuntu | thunderbird-locale-ast | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-ar?distro=groovy | ubuntu | thunderbird-locale-ar | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-locale-af?distro=groovy | ubuntu | thunderbird-locale-af | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-gnome-support?distro=groovy | ubuntu | thunderbird-gnome-support | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy | ||
Affected | pkg:deb/ubuntu/thunderbird-dev?distro=groovy | ubuntu | thunderbird-dev | < 78.6.1+build1-0ubuntu0.20.10.1 | groovy |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |