Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, obtain sensitive information, spoof the contents of the addressbar, bypass security restrictions, or execute arbitrary code. (CVE-2022-2505, CVE-2022-36318, CVE-2022-36319, CVE-2022-38472, CVE-2022-38473, CVE-2022-38476 CVE-2022-38477, CVE-2022-38478)
Multiple security issues were discovered in Thunderbird. An attacker could potentially exploit these in order to determine when a user opens a specially crafted message. (CVE-2022-3032, CVE-2022-3034)
It was discovered that Thunderbird did not correctly handle HTML messages that contain a meta tag in some circumstances. If a user were tricked into replying to a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2022-3033)
A security issue was discovered with the Matrix SDK in Thunderbird. An attacker sharing a room with a user could potentially exploit this to cause a denial of service. (CVE-2022-36059)
{ "binaries": [ { "binary_version": "1:102.2.2+build1-0ubuntu0.18.04.1", "binary_name": "thunderbird" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.18.04.1", "binary_name": "thunderbird-dev" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.18.04.1", "binary_name": "thunderbird-gnome-support" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.18.04.1", "binary_name": "thunderbird-mozsymbols" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.18.04.1", "binary_name": "xul-ext-calendar-timezones" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.18.04.1", "binary_name": "xul-ext-gdata-provider" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.18.04.1", "binary_name": "xul-ext-lightning" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "1:102.2.2+build1-0ubuntu0.20.04.1", "binary_name": "thunderbird" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.20.04.1", "binary_name": "thunderbird-dev" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.20.04.1", "binary_name": "thunderbird-gnome-support" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.20.04.1", "binary_name": "thunderbird-mozsymbols" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.20.04.1", "binary_name": "xul-ext-calendar-timezones" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.20.04.1", "binary_name": "xul-ext-gdata-provider" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.20.04.1", "binary_name": "xul-ext-lightning" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "1:102.2.2+build1-0ubuntu0.22.04.1", "binary_name": "thunderbird" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.22.04.1", "binary_name": "thunderbird-dev" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.22.04.1", "binary_name": "thunderbird-gnome-support" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.22.04.1", "binary_name": "thunderbird-mozsymbols" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.22.04.1", "binary_name": "xul-ext-calendar-timezones" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.22.04.1", "binary_name": "xul-ext-gdata-provider" }, { "binary_version": "1:102.2.2+build1-0ubuntu0.22.04.1", "binary_name": "xul-ext-lightning" } ], "availability": "No subscription required" }