Packages
- thunderbird - Mozilla Open Source mail and newsgroup client
Details
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, spoof the UI, bypass CSP restrictions, or
execute arbitrary code. (CVE-2022-2200, CVE-2022-31736, CVE-2022-31737,
CVE-2022-31738, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742,
CVE-2022-31744, CVE-2022-31747, CVE-2022-34468, CVE-2022-34470,
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, spoof the UI, bypass CSP restrictions, or
execute arbitrary code. (CVE-2022-2200, CVE-2022-31736, CVE-2022-31737,
CVE-2022-31738, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742,
CVE-2022-31744, CVE-2022-31747, CVE-2022-34468, CVE-2022-34470,
CVE-2022-34479, CVE-2022-34481, CVE-2022-34484)
It was discovered that an unavailable PAC file caused OCSP requests to
be blocked, resulting in incorrect error pages being displayed.
(CVE-2022-34472)
It was discovered that the Braille space character could be used to
cause Thunderbird to display the wrong sender address for signed messages.
An attacker could potentially exploit this to trick the user into
believing a message had been sent from somebody they trusted.
(CVE-2022-1834)
It was discovered that Thunderbird would consider an email with a
mismatched OpenPGP signature date as valid. An attacker could potentially
exploit this by replaying an older message in order to trick the user into
believing that the statements in the message are current. (CVE-2022-2226)
Update instructions
After a standard system update you need to restart Thunderbird to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 22.04 jammy | thunderbird – 1:91.11.0+build2-0ubuntu0.22.04.1 | ||
| 21.10 impish | thunderbird – 1:91.11.0+build2-0ubuntu0.21.10.1 | ||
| 20.04 focal | thunderbird – 1:91.11.0+build2-0ubuntu0.20.04.1 | ||
| 18.04 bionic | thunderbird – 1:91.11.0+build2-0ubuntu0.18.04.1 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
References
- CVE-2022-34484
- CVE-2022-34481
- CVE-2022-34479
- CVE-2022-34472
- CVE-2022-34470
- CVE-2022-34468
- CVE-2022-31747
- CVE-2022-31744
- CVE-2022-31742
- CVE-2022-31741
- CVE-2022-34484
- CVE-2022-34481
- CVE-2022-34479
- CVE-2022-34472
- CVE-2022-34470
- CVE-2022-34468
- CVE-2022-31747
- CVE-2022-31744
- CVE-2022-31742
- CVE-2022-31741
- CVE-2022-31740
- CVE-2022-31738
- CVE-2022-31737
- CVE-2022-31736
- CVE-2022-2226
- CVE-2022-2200
- CVE-2022-1834