Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin protections, or execute arbitrary code. (CVE-2019-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-9797, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820)
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2019-5798, CVE-2019-7317)
A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website in a browsing context after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816)
It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to a bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698)
{ "binaries": [ { "binary_name": "thunderbird", "binary_version": "1:60.7.0+build1-0ubuntu0.16.04.1" }, { "binary_name": "thunderbird-dev", "binary_version": "1:60.7.0+build1-0ubuntu0.16.04.1" }, { "binary_name": "thunderbird-globalmenu", "binary_version": "1:60.7.0+build1-0ubuntu0.16.04.1" }, { "binary_name": "thunderbird-gnome-support", "binary_version": "1:60.7.0+build1-0ubuntu0.16.04.1" }, { "binary_name": "thunderbird-mozsymbols", "binary_version": "1:60.7.0+build1-0ubuntu0.16.04.1" }, { "binary_name": "xul-ext-calendar-timezones", "binary_version": "1:60.7.0+build1-0ubuntu0.16.04.1" }, { "binary_name": "xul-ext-gdata-provider", "binary_version": "1:60.7.0+build1-0ubuntu0.16.04.1" }, { "binary_name": "xul-ext-lightning", "binary_version": "1:60.7.0+build1-0ubuntu0.16.04.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "thunderbird", "binary_version": "1:60.7.0+build1-0ubuntu0.18.04.1" }, { "binary_name": "thunderbird-dev", "binary_version": "1:60.7.0+build1-0ubuntu0.18.04.1" }, { "binary_name": "thunderbird-globalmenu", "binary_version": "1:60.7.0+build1-0ubuntu0.18.04.1" }, { "binary_name": "thunderbird-gnome-support", "binary_version": "1:60.7.0+build1-0ubuntu0.18.04.1" }, { "binary_name": "thunderbird-mozsymbols", "binary_version": "1:60.7.0+build1-0ubuntu0.18.04.1" }, { "binary_name": "xul-ext-calendar-timezones", "binary_version": "1:60.7.0+build1-0ubuntu0.18.04.1" }, { "binary_name": "xul-ext-gdata-provider", "binary_version": "1:60.7.0+build1-0ubuntu0.18.04.1" }, { "binary_name": "xul-ext-lightning", "binary_version": "1:60.7.0+build1-0ubuntu0.18.04.1" } ], "availability": "No subscription required" }