** Information type changed from Private Security to Public Security
** Changed in: thunderbird (Ubuntu)
Status: New => Confirmed
https://bugs.launchpad.net/bugs/1906609
Title:
  Mozilla Thunderbird SMTP Server Stack-Based Buffer Overflow Vulnerability

Status in thunderbird package in Ubuntu:
  Confirmed

Bug description:
  A vulnerability has been reported in Mozilla Thunderbird, which can be
  exploited by malicious people to compromise a vulnerable system.

  An error when parsing SMTP server status codes can be exploited to cause a
  stack-based buffer overflow.

  Successful exploitation may allow execution of arbitrary code.

  The vulnerability is reported in versions prior to 78.5.1.

  Affected Software

  The following software is affected by the described vulnerability.
  Please check the vendor links below to see if exactly your version is
  affected.

  Mozilla Thunderbird 78.x

  Solution

  Update to version 78.5.1.

  References

  1. https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/