Thunderbird Vulnerabilities Fixed in Ubuntu and Debian
2024-5-15 17:0:49 Author: securityboulevard.com

In recent Ubuntu and Debian security updates, several vulnerabilities have been addressed in Thunderbird, the popular open-source mail and newsgroup client. Attackers could use these vulnerabilities to cause a denial of service, execute arbitrary code, or disclose sensitive information. The Ubuntu security team has released the patches for Ubuntu 23.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS, whereas the Debian security team has released the patches for Debian 11 and Debian 12.

Recent Thunderbird Vulnerabilities

CVE-2024-2609, CVE-2024-3852, CVE-2024-3864

Several security flaws were identified in Thunderbird that a user could unwittingly trigger by opening a maliciously crafted website. These vulnerabilities could lead to denial of service, disclosure of sensitive information, bypass of security measures, cross-site tracing, or arbitrary code execution.

CVE-2024-3302

Bartek Nowotarski discovered a vulnerability in Thunderbird’s handling of HTTP/2 CONTINUATION frames, as there was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser, resulting in a denial of service.
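The missing limit behind CVE-2024-3302, shown from the receiving side as an added example (not Thunderbird's code or its actual fix): a header-block reassembler that caps both the number of CONTINUATION frames and the accumulated bytes. The limits `MAX_CONTINUATIONS` and `MAX_HEADER_BLOCK` and all function names are assumptions chosen for illustration.

```python
FRAME_HEADERS, FRAME_CONTINUATION = 0x1, 0x9  # HTTP/2 frame types (RFC 9113)
FLAG_END_HEADERS = 0x4
MAX_CONTINUATIONS = 16        # assumed policy limit, not Thunderbird's value
MAX_HEADER_BLOCK = 64 * 1024  # assumed byte cap for one header block

class HeaderBlockTooLarge(Exception):
    """Raised when a peer exceeds the header-block limits."""

def frame(ftype, flags, stream_id, payload=b""):
    """Encode one frame: 24-bit length, type, flags, 31-bit stream id."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload)

def parse_frames(data):
    """Yield (type, flags, stream_id, payload) for each complete frame."""
    pos = 0
    while pos + 9 <= len(data):
        length = int.from_bytes(data[pos:pos + 3], "big")
        ftype, flags = data[pos + 3], data[pos + 4]
        stream_id = int.from_bytes(data[pos + 5:pos + 9], "big") & 0x7FFFFFFF
        if pos + 9 + length > len(data):
            break  # truncated frame: wait for more bytes
        yield ftype, flags, stream_id, data[pos + 9:pos + 9 + length]
        pos += 9 + length

def collect_header_block(data):
    """Reassemble one header block (padding/priority fields ignored here)."""
    block, continuations, open_stream = bytearray(), 0, None
    for ftype, flags, stream_id, payload in parse_frames(data):
        if ftype == FRAME_HEADERS and open_stream is None:
            open_stream = stream_id
        elif ftype == FRAME_CONTINUATION and stream_id == open_stream:
            continuations += 1  # counted even when empty: a byte cap alone misses these
            if continuations > MAX_CONTINUATIONS:
                raise HeaderBlockTooLarge("too many CONTINUATION frames")
        else:
            raise ValueError("unexpected frame inside header block")
        block += payload
        if len(block) > MAX_HEADER_BLOCK:
            raise HeaderBlockTooLarge("header block exceeds byte cap")
        if flags & FLAG_END_HEADERS:
            return bytes(block)
    return None  # END_HEADERS not seen yet

if __name__ == "__main__":
    # Constructed sample: a HEADERS frame completed by one CONTINUATION frame.
    sample = frame(FRAME_HEADERS, 0, 1, b"ab") + frame(FRAME_CONTINUATION, FLAG_END_HEADERS, 1, b"cd")
    print(collect_header_block(sample))
```

Counting frames separately from bytes matters because CONTINUATION frames may carry an empty payload, so a byte cap alone never trips on a stream of them.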

CVE-2024-3854, CVE-2024-3857, CVE-2024-3859, CVE-2024-3861

Lukas Bernhard and Ronald Crane uncovered several memory management flaws within Thunderbird. These vulnerabilities could potentially result in out-of-bounds read exploits, leading to denial of service attacks or unauthorized access to sensitive data.

Mitigation Measures

To address these vulnerabilities and keep your Ubuntu and Debian systems secure, update your Thunderbird package to the latest version available for your release. Applying these updates promptly protects your system against exploitation by malicious actors.

TuxCare’s KernelCare Enterprise offers live kernel patching for all popular Linux distributions, including Ubuntu, Debian, CentOS, AlmaLinux, RHEL, Rocky Linux, CloudLinux, and more. Unlike conventional patching methods that require a system reboot, the KernelCare live patching solution applies security updates to the running kernel without needing to reboot or schedule maintenance windows. Furthermore, it automates the patching process, meaning security patches are deployed automatically without manual intervention.

Send patching-related questions to a TuxCare security expert and get advice on modernizing Linux patch management with automation and rebootless patching.

Sources: USN-6750-1, DSA 5670-1

The post Thunderbird Vulnerabilities Fixed in Ubuntu and Debian appeared first on TuxCare.

*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Rohan Timalsina. Read the original post at: https://tuxcare.com/blog/thunderbird-vulnerabilities-fixed-in-ubuntu-and-debian/


Article source: https://securityboulevard.com/2024/05/thunderbird-vulnerabilities-fixed-in-ubuntu-and-debian/