It was discovered that Thunderbird allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. (CVE-2018-18506)
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813)
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website in a browsing context with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793)
{ "binaries": [ { "binary_version": "1:60.6.1+build2-0ubuntu0.14.04.1", "binary_name": "thunderbird" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.14.04.1", "binary_name": "thunderbird-dev" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.14.04.1", "binary_name": "thunderbird-globalmenu" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.14.04.1", "binary_name": "thunderbird-gnome-support" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.14.04.1", "binary_name": "thunderbird-mozsymbols" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.14.04.1", "binary_name": "xul-ext-calendar-timezones" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.14.04.1", "binary_name": "xul-ext-gdata-provider" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.14.04.1", "binary_name": "xul-ext-lightning" } ], "availability": "No subscription required" }
{ "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2018-18506" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "negligible", "type": "Ubuntu" } ], "id": "CVE-2019-9788" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9790" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9791" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9792" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9793" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9795" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9796" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9810" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9813" } ], "ecosystem": "Ubuntu:14.04:LTS" }
{ "binaries": [ { "binary_version": "1:60.6.1+build2-0ubuntu0.16.04.1", "binary_name": "thunderbird" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.16.04.1", "binary_name": "thunderbird-dev" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.16.04.1", "binary_name": "thunderbird-globalmenu" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.16.04.1", "binary_name": "thunderbird-gnome-support" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.16.04.1", "binary_name": "thunderbird-mozsymbols" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.16.04.1", "binary_name": "xul-ext-calendar-timezones" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.16.04.1", "binary_name": "xul-ext-gdata-provider" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.16.04.1", "binary_name": "xul-ext-lightning" } ], "availability": "No subscription required" }
{ "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2018-18506" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "negligible", "type": "Ubuntu" } ], "id": "CVE-2019-9788" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9790" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9791" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9792" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9793" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9795" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9796" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9810" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9813" } ], "ecosystem": "Ubuntu:16.04:LTS" }
{ "binaries": [ { "binary_version": "1:60.6.1+build2-0ubuntu0.18.04.1", "binary_name": "thunderbird" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.18.04.1", "binary_name": "thunderbird-dev" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.18.04.1", "binary_name": "thunderbird-globalmenu" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.18.04.1", "binary_name": "thunderbird-gnome-support" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.18.04.1", "binary_name": "thunderbird-mozsymbols" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.18.04.1", "binary_name": "xul-ext-calendar-timezones" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.18.04.1", "binary_name": "xul-ext-gdata-provider" }, { "binary_version": "1:60.6.1+build2-0ubuntu0.18.04.1", "binary_name": "xul-ext-lightning" } ], "availability": "No subscription required" }
{ "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2018-18506" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "negligible", "type": "Ubuntu" } ], "id": "CVE-2019-9788" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9790" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9791" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9792" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9793" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9795" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9796" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9810" }, { "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2019-9813" } ], "ecosystem": "Ubuntu:18.04:LTS" }