Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbtirary code. (CVE-2020-12405, CVE-2020-12406, CVE-2020-12410, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420)
It was discovered that Thunderbird would continue an unencrypted connection when configured to use STARTTLS for IMAP if the server responded with PREAUTH. A remote attacker could potentially exploit this to perform a person-in-the-middle attack in order to obtain sensitive information. (CVE-2020-12398)
It was discovered that NSS showed timing differences when performing DSA signatures. An attacker could potentially exploit this to obtain private keys using a timing attack. (CVE-2020-12399)
It was discovered that when performing add-on updates, certificate chains not terminating with built-in roots were silently rejected. This could result in add-ons becoming outdated. (CVE-2020-12421)
{ "availability": "No subscription required", "binaries": [ { "binary_name": "thunderbird", "binary_version": "1:68.10.0+build1-0ubuntu0.16.04.1" }, { "binary_name": "thunderbird-dev", "binary_version": "1:68.10.0+build1-0ubuntu0.16.04.1" }, { "binary_name": "thunderbird-gnome-support", "binary_version": "1:68.10.0+build1-0ubuntu0.16.04.1" }, { "binary_name": "thunderbird-mozsymbols", "binary_version": "1:68.10.0+build1-0ubuntu0.16.04.1" }, { "binary_name": "xul-ext-calendar-timezones", "binary_version": "1:68.10.0+build1-0ubuntu0.16.04.1" }, { "binary_name": "xul-ext-gdata-provider", "binary_version": "1:68.10.0+build1-0ubuntu0.16.04.1" }, { "binary_name": "xul-ext-lightning", "binary_version": "1:68.10.0+build1-0ubuntu0.16.04.1" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "thunderbird", "binary_version": "1:68.10.0+build1-0ubuntu0.18.04.1" }, { "binary_name": "thunderbird-dev", "binary_version": "1:68.10.0+build1-0ubuntu0.18.04.1" }, { "binary_name": "thunderbird-gnome-support", "binary_version": "1:68.10.0+build1-0ubuntu0.18.04.1" }, { "binary_name": "thunderbird-mozsymbols", "binary_version": "1:68.10.0+build1-0ubuntu0.18.04.1" }, { "binary_name": "xul-ext-calendar-timezones", "binary_version": "1:68.10.0+build1-0ubuntu0.18.04.1" }, { "binary_name": "xul-ext-gdata-provider", "binary_version": "1:68.10.0+build1-0ubuntu0.18.04.1" }, { "binary_name": "xul-ext-lightning", "binary_version": "1:68.10.0+build1-0ubuntu0.18.04.1" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "thunderbird", "binary_version": "1:68.10.0+build1-0ubuntu0.20.04.1" }, { "binary_name": "thunderbird-dev", "binary_version": "1:68.10.0+build1-0ubuntu0.20.04.1" }, { "binary_name": "thunderbird-gnome-support", "binary_version": "1:68.10.0+build1-0ubuntu0.20.04.1" }, { "binary_name": "thunderbird-mozsymbols", "binary_version": "1:68.10.0+build1-0ubuntu0.20.04.1" }, { "binary_name": "xul-ext-calendar-timezones", "binary_version": "1:68.10.0+build1-0ubuntu0.20.04.1" }, { "binary_name": "xul-ext-gdata-provider", "binary_version": "1:68.10.0+build1-0ubuntu0.20.04.1" }, { "binary_name": "xul-ext-lightning", "binary_version": "1:68.10.0+build1-0ubuntu0.20.04.1" } ] }