Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6825)
It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745)
It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755)
A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903)
It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792)
Mutiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, CVE-2020-6822)
It was discovered that if a user saved passwords before Thunderbird 60 and then later set a primary password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2020-6794)
It was discovered that the Devtools’ ‘Copy as cURL’ feature did not fully escape website-controlled data. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to execute arbitrary commands via command injection. (CVE-2020-6811)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-dbg" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-dbgsym" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-dev" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-gnome-support" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-gnome-support-dbg" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-af" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-ar" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-ast" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-be" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-bg" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-bn" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-bn-bd" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-br" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-ca" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-cak" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-cs" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-cy" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-da" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-de" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-dsb" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-el" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-en" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-en-gb" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-en-us" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-es" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-es-ar" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-es-es" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-et" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-eu" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-fi" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-fr" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-fy" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-fy-nl" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-ga" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-ga-ie" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-gd" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-gl" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-he" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-hr" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-hsb" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-hu" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-hy" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-id" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-is" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-it" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-ja" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-ka" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-kab" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-kk" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-ko" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-lt" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-mk" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-ms" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-nb" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-nb-no" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-nl" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-nn" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-nn-no" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-pa" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-pa-in" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-pl" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-pt" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-pt-br" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-pt-pt" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-rm" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-ro" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-ru" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-si" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-sk" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-sl" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-sq" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-sr" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-sv" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-sv-se" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-ta" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-ta-lk" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-tr" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-uk" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-uz" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-vi" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-zh-cn" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-zh-hans" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-zh-hant" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-locale-zh-tw" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "thunderbird-mozsymbols" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "xul-ext-calendar-timezones" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "xul-ext-gdata-provider" }, { "binary_version": "1:68.7.0+build1-0ubuntu0.16.04.2", "binary_name": "xul-ext-lightning" } ] }