USN-5724-1
- Source
- https://ubuntu.com/security/notices/USN-5724-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5724-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-5724-1
- Upstream
- Related
- Published
- 2022-11-11T20:28:26.303832Z
- Modified
- 2025-09-08T16:37:33Z
- Summary
- thunderbird vulnerabilities
- Details
-
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass Content Security Policy (CSP) or other security restrictions, or execute arbitrary code. These issues only affect Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-3266, CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE-2022-40959, CVE-2022-40960, CVE-2022-40962)
Multiple security issues were discovered in the Matrix SDK bundled with Thunderbird. An attacker could potentially exploit these in order to impersonate another user. These issues only affect Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-39236, CVE-2022-39249, CVE-2022-39250, CVE-2022-39251)
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932)
- References
-
- https://ubuntu.com/security/notices/USN-5724-1
- https://ubuntu.com/security/CVE-2022-3266
- https://ubuntu.com/security/CVE-2022-39236
- https://ubuntu.com/security/CVE-2022-39249
- https://ubuntu.com/security/CVE-2022-39250
- https://ubuntu.com/security/CVE-2022-39251
- https://ubuntu.com/security/CVE-2022-40956
- https://ubuntu.com/security/CVE-2022-40957
- https://ubuntu.com/security/CVE-2022-40958
- https://ubuntu.com/security/CVE-2022-40959
- https://ubuntu.com/security/CVE-2022-40960
- https://ubuntu.com/security/CVE-2022-40962
- https://ubuntu.com/security/CVE-2022-42927
- https://ubuntu.com/security/CVE-2022-42928
- https://ubuntu.com/security/CVE-2022-42929
- https://ubuntu.com/security/CVE-2022-42932
Affected packages
Ubuntu:18.04:LTS / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:deb/ubuntu/thunderbird@1:102.4.2+build2-0ubuntu0.18.04.1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:102.4.2+build2-0ubuntu0.18.04.1
Affected versions
1:52.*
1:52.4.0+build1-0ubuntu2
1:52.6.0+build1-0ubuntu1
1:52.7.0+build1-0ubuntu1
1:52.8.0+build1-0ubuntu0.18.04.1
1:52.9.1+build3-0ubuntu0.18.04.1
1:60.*
1:60.2.1+build1-0ubuntu0.18.04.2
1:60.4.0+build2-0ubuntu0.18.04.1
1:60.5.1+build2-0ubuntu0.18.04.1
1:60.6.1+build2-0ubuntu0.18.04.1
1:60.7.0+build1-0ubuntu0.18.04.1
1:60.7.1+build1-0ubuntu0.18.04.1
1:60.7.2+build2-0ubuntu0.18.04.1
1:60.8.0+build1-0ubuntu0.18.04.1
1:60.9.0+build1-0ubuntu0.18.04.1
1:68.*
1:68.2.1+build1-0ubuntu0.18.04.1
1:68.2.2+build1-0ubuntu0.18.04.1
1:68.4.1+build1-0ubuntu0.18.04.1
1:68.7.0+build1-0ubuntu0.18.04.1
1:68.8.0+build2-0ubuntu0.18.04.2
1:68.10.0+build1-0ubuntu0.18.04.1
1:78.*
1:78.8.1+build1-0ubuntu0.18.04.1
1:78.11.0+build1-0ubuntu0.18.04.2
1:78.13.0+build1-0ubuntu0.18.04.1
1:78.14.0+build1-0ubuntu0.18.04.1
1:78.14.0+build1-0ubuntu0.18.04.2
1:91.*
1:91.5.0+build1-0ubuntu0.18.04.1
1:91.7.0+build2-0ubuntu0.18.04.1
1:91.8.1+build1-0ubuntu0.18.04.1
1:91.9.1+build1-0ubuntu0.18.04.1
1:91.11.0+build2-0ubuntu0.18.04.1
1:102.*
1:102.2.2+build1-0ubuntu0.18.04.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:102.4.2+build2-0ubuntu0.18.04.1",
"binary_name": "thunderbird"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.18.04.1",
"binary_name": "thunderbird-dev"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.18.04.1",
"binary_name": "thunderbird-gnome-support"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.18.04.1",
"binary_name": "thunderbird-mozsymbols"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.18.04.1",
"binary_name": "xul-ext-calendar-timezones"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.18.04.1",
"binary_name": "xul-ext-gdata-provider"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.18.04.1",
"binary_name": "xul-ext-lightning"
}
],
"availability": "No subscription required"
}
Ubuntu:20.04:LTS / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:deb/ubuntu/thunderbird@1:102.4.2+build2-0ubuntu0.20.04.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:102.4.2+build2-0ubuntu0.20.04.1
Affected versions
1:68.*
1:68.1.2+build1-0ubuntu1
1:68.1.2+build1-0ubuntu2
1:68.2.1+build1-0ubuntu1
1:68.2.2+build1-0ubuntu1
1:68.3.0+build2-0ubuntu1
1:68.3.1+build1-0ubuntu2
1:68.4.1+build1-0ubuntu1
1:68.4.2+build2-0ubuntu1
1:68.5.0+build1-0ubuntu1
1:68.6.0+build2-0ubuntu1
1:68.7.0+build1-0ubuntu1
1:68.7.0+build1-0ubuntu2
1:68.8.0+build2-0ubuntu0.20.04.2
1:68.10.0+build1-0ubuntu0.20.04.1
1:78.*
1:78.7.1+build1-0ubuntu0.20.04.1
1:78.8.1+build1-0ubuntu0.20.04.1
1:78.11.0+build1-0ubuntu0.20.04.2
1:78.13.0+build1-0ubuntu0.20.04.2
1:78.14.0+build1-0ubuntu0.20.04.1
1:78.14.0+build1-0ubuntu0.20.04.2
1:91.*
1:91.5.0+build1-0ubuntu0.20.04.1
1:91.7.0+build2-0ubuntu0.20.04.1
1:91.8.1+build1-0ubuntu0.20.04.1
1:91.9.1+build1-0ubuntu0.20.04.1
1:91.11.0+build2-0ubuntu0.20.04.1
1:102.*
1:102.2.2+build1-0ubuntu0.20.04.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:102.4.2+build2-0ubuntu0.20.04.1",
"binary_name": "thunderbird"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.20.04.1",
"binary_name": "thunderbird-dev"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.20.04.1",
"binary_name": "thunderbird-gnome-support"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.20.04.1",
"binary_name": "thunderbird-mozsymbols"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.20.04.1",
"binary_name": "xul-ext-calendar-timezones"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.20.04.1",
"binary_name": "xul-ext-gdata-provider"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.20.04.1",
"binary_name": "xul-ext-lightning"
}
],
"availability": "No subscription required"
}
Ubuntu:22.04:LTS / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:deb/ubuntu/thunderbird@1:102.4.2+build2-0ubuntu0.22.04.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:102.4.2+build2-0ubuntu0.22.04.1
Affected versions
1:91.*
1:91.1.2+build1-0ubuntu1
1:91.3.0+build2-0ubuntu1
1:91.3.1+build1-0ubuntu1
1:91.3.2+build1-0ubuntu1
1:91.4.0+build1.1-0ubuntu1
1:91.4.0+build2-0ubuntu1
1:91.5.0+build1-0ubuntu1
1:91.5.1+build1-0ubuntu1
1:91.6.1+build1-0ubuntu1
1:91.7.0+build1-0ubuntu1
1:91.7.0+build2-0ubuntu1
1:91.8.0+build2-0ubuntu1
1:91.9.1+build1-0ubuntu0.22.04.1
1:91.11.0+build2-0ubuntu0.22.04.1
1:102.*
1:102.2.2+build1-0ubuntu0.22.04.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:102.4.2+build2-0ubuntu0.22.04.1",
"binary_name": "thunderbird"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.22.04.1",
"binary_name": "thunderbird-dev"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.22.04.1",
"binary_name": "thunderbird-gnome-support"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.22.04.1",
"binary_name": "thunderbird-mozsymbols"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.22.04.1",
"binary_name": "xul-ext-calendar-timezones"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.22.04.1",
"binary_name": "xul-ext-gdata-provider"
},
{
"binary_version": "1:102.4.2+build2-0ubuntu0.22.04.1",
"binary_name": "xul-ext-lightning"
}
],
"availability": "No subscription required"
}