@Robie Basak (racb): You are partly right that some security bugs have been fixed in Thunderbird 52.9.1 packages in Ubuntu (I haven't seen that). I also checked the CVE but it seems that at least three "critical" or "high" security bugs are no yet fixed in Ubuntus Thunderbird:
Security vulnerabilities fixed in Thunderbird 60 (https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/): 1. CVE-2018-5156 (Media recorder segmentation fault when track type is changed during https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5156.html) is only fixed in Firefox 2. CVE-2018-12361 (Integer overflow in SwizzleData https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12361.html) is only fixed in Firefox Security vulnerabilities fixed in Thunderbird 60.2.1 (https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/) 3. CVE-2018-12377 (Use-after-free in refresh driver timers https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12377.html) is only fixed in Firefox and Thunderbird "needs-triage". ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12361 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12377 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-5156 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1796126 Title: Thunderbird is out of date for two months when Thunderbird 60 was released To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1796126/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
