USN-4995-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-4995-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4995-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4995-1
Related
Published
2021-06-22T16:43:02.210357Z
Modified
2021-06-22T16:43:02.210357Z
Summary
thunderbird vulnerabilities
Details

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. (CVE-2021-23961, CVE-2021-23981, CVE-2021-23982, CVE-2021-23987, CVE-2021-23994, CVE-2021-23998, CVE-2021-23999, CVE-2021-29945, CVE-2021-29946, CVE-2021-29967)

It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. (CVE-2021-23984)

Multiple security issues were discovered in Thunderbird's OpenPGP integration. If a user were tricked into importing a specially crafted key in some circumstances, an attacker could potentially exploit this to cause a denial of service (inability to send encrypted email) or confuse the user. (CVE-2021-23991, CVE-2021-23992, CVE-2021-23993)

A use-after-free was discovered when Responsive Design Mode was enabled. If a user were tricked into opening a specially crafted website with Responsive Design Mode enabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2021-23995)

It was discovered that Thunderbird mishandled ftp URLs with encoded newline characters. If a user were tricked into clicking on a specially crafted link, an attacker could potentially exploit this to send arbitrary FTP commands. (CVE-2021-24002)

It was discovered that Thunderbird wrote signatures to disk and read them back during verification. A local attacker could potentially exploit this to replace the data with another signature file. (CVE-2021-29948)

It was discovered that Thunderbird might load an alternative OTR library. If a user were tricked into copying a specially crafted library to one of Thunderbird's search paths, an attacker could potentially exploit this to execute arbitrary code. (CVE-2021-29949)

It was discovered that secret keys imported into Thunderbird were stored unencrypted. A local attacker could potentially exploit this to obtain private keys. (CVE-2021-29956)

It was discovered that Thunderbird did not indicate when an inline signed or encrypted message contained additional unprotected parts. (CVE-2021-29957)

References

Affected packages

Ubuntu:20.04:LTS / thunderbird

Package

Name
thunderbird
Purl
pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.20.04.2?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:78.11.0+build1-0ubuntu0.20.04.2

Affected versions

1:68.*

1:68.1.2+build1-0ubuntu1
1:68.1.2+build1-0ubuntu2
1:68.2.1+build1-0ubuntu1
1:68.2.2+build1-0ubuntu1
1:68.3.0+build2-0ubuntu1
1:68.3.1+build1-0ubuntu2
1:68.4.1+build1-0ubuntu1
1:68.4.2+build2-0ubuntu1
1:68.5.0+build1-0ubuntu1
1:68.6.0+build2-0ubuntu1
1:68.7.0+build1-0ubuntu1
1:68.7.0+build1-0ubuntu2
1:68.8.0+build2-0ubuntu0.20.04.2
1:68.10.0+build1-0ubuntu0.20.04.1

1:78.*

1:78.7.1+build1-0ubuntu0.20.04.1
1:78.8.1+build1-0ubuntu0.20.04.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "thunderbird",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-dbg",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-dev",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-gnome-support",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-gnome-support-dbg",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-af",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-ar",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-ast",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-be",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-bg",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-bn",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-bn-bd",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-br",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-ca",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-cak",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-cs",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-cy",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-da",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-de",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-dsb",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-el",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-en",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-en-gb",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-en-us",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-es",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-es-ar",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-es-es",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-et",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-eu",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-fa",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-fi",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-fr",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-fy",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-fy-nl",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-ga",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-ga-ie",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-gd",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-gl",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-he",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-hr",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-hsb",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-hu",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-hy",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-id",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-is",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-it",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-ja",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-ka",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-kab",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-kk",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-ko",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-lt",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-mk",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-ms",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-nb",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-nb-no",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-nl",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-nn",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-nn-no",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-pa",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-pa-in",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-pl",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-pt",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-pt-br",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-pt-pt",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-rm",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-ro",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-ru",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-si",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-sk",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-sl",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-sq",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-sr",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-sv",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-sv-se",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-ta",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-ta-lk",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-th",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-tr",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-uk",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-uz",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-vi",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-zh-cn",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-zh-hans",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-zh-hant",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-locale-zh-tw",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "thunderbird-mozsymbols",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "xul-ext-calendar-timezones",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "xul-ext-gdata-provider",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        },
        {
            "binary_name": "xul-ext-lightning",
            "binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
        }
    ]
}