USN-7066-1
- Source
- https://ubuntu.com/security/notices/USN-7066-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7066-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-7066-1
- Upstream
- Related
- Published
- 2024-10-14T06:21:48.849379Z
- Modified
- 2025-10-13T04:38:41Z
- Summary
- thunderbird vulnerability
- Details
-
Damien Schaeffer discovered that Thunderbird did not properly manage certain memory operations when processing content in the Animation timelines. An attacker could potentially exploit this issue to achieve arbitrary code execution.
- References
Affected packages
Ubuntu:20.04:LTS / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:deb/ubuntu/thunderbird@1:115.16.0+build2-0ubuntu0.20.04.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:115.16.0+build2-0ubuntu0.20.04.1
Affected versions
1:68.*
1:68.1.2+build1-0ubuntu1
1:68.1.2+build1-0ubuntu2
1:68.2.1+build1-0ubuntu1
1:68.2.2+build1-0ubuntu1
1:68.3.0+build2-0ubuntu1
1:68.3.1+build1-0ubuntu2
1:68.4.1+build1-0ubuntu1
1:68.4.2+build2-0ubuntu1
1:68.5.0+build1-0ubuntu1
1:68.6.0+build2-0ubuntu1
1:68.7.0+build1-0ubuntu1
1:68.7.0+build1-0ubuntu2
1:68.8.0+build2-0ubuntu0.20.04.2
1:68.10.0+build1-0ubuntu0.20.04.1
1:78.*
1:78.7.1+build1-0ubuntu0.20.04.1
1:78.8.1+build1-0ubuntu0.20.04.1
1:78.11.0+build1-0ubuntu0.20.04.2
1:78.13.0+build1-0ubuntu0.20.04.2
1:78.14.0+build1-0ubuntu0.20.04.1
1:78.14.0+build1-0ubuntu0.20.04.2
1:91.*
1:91.5.0+build1-0ubuntu0.20.04.1
1:91.7.0+build2-0ubuntu0.20.04.1
1:91.8.1+build1-0ubuntu0.20.04.1
1:91.9.1+build1-0ubuntu0.20.04.1
1:91.11.0+build2-0ubuntu0.20.04.1
1:102.*
1:102.2.2+build1-0ubuntu0.20.04.1
1:102.4.2+build2-0ubuntu0.20.04.1
1:102.7.1+build2-0ubuntu0.20.04.1
1:102.8.0+build2-0ubuntu0.20.04.1
1:102.9.0+build1-0ubuntu0.20.04.1
1:102.10.0+build2-0ubuntu0.20.04.1
1:102.11.0+build1-0ubuntu0.20.04.1
1:102.13.0+build1-0ubuntu0.20.04.1
1:102.15.0+build1-0ubuntu0.20.04.1
1:102.15.1+build1-0ubuntu0.20.04.1
1:115.*
1:115.3.1+build1-0ubuntu0.20.04.1
1:115.4.1+build1-0ubuntu0.20.04.1
1:115.5.0+build1-0ubuntu0.20.04.1
1:115.6.0+build2-0ubuntu0.20.04.1
1:115.8.1+build1-0ubuntu0.20.04.1
1:115.9.0+build1-0ubuntu0.20.04.1
1:115.10.1+build1-0ubuntu0.20.04.1
1:115.11.0+build2-0ubuntu0.20.04.1
1:115.12.0+build3-0ubuntu0.20.04.1
1:115.13.0+build5-0ubuntu0.20.04.1
1:115.15.0+build1-0ubuntu0.20.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:115.16.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-dev",
"binary_version": "1:115.16.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:115.16.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:115.16.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:115.16.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:115.16.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:115.16.0+build2-0ubuntu0.20.04.1"
}
]
}
Database specific
cves_map
{
"cves": [
{
"id": "CVE-2024-9680",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "high"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
Ubuntu:22.04:LTS / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:deb/ubuntu/thunderbird@1:115.16.0+build2-0ubuntu0.22.04.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:115.16.0+build2-0ubuntu0.22.04.1
Affected versions
1:91.*
1:91.1.2+build1-0ubuntu1
1:91.3.0+build2-0ubuntu1
1:91.3.1+build1-0ubuntu1
1:91.3.2+build1-0ubuntu1
1:91.4.0+build1.1-0ubuntu1
1:91.4.0+build2-0ubuntu1
1:91.5.0+build1-0ubuntu1
1:91.5.1+build1-0ubuntu1
1:91.6.1+build1-0ubuntu1
1:91.7.0+build1-0ubuntu1
1:91.7.0+build2-0ubuntu1
1:91.8.0+build2-0ubuntu1
1:91.9.1+build1-0ubuntu0.22.04.1
1:91.11.0+build2-0ubuntu0.22.04.1
1:102.*
1:102.2.2+build1-0ubuntu0.22.04.1
1:102.4.2+build2-0ubuntu0.22.04.1
1:102.7.1+build2-0ubuntu0.22.04.1
1:102.8.0+build2-0ubuntu0.22.04.1
1:102.9.0+build1-0ubuntu0.22.04.1
1:102.10.0+build2-0ubuntu0.22.04.1
1:102.11.0+build1-0ubuntu0.22.04.1
1:102.13.0+build1-0ubuntu0.22.04.1
1:102.15.0+build1-0ubuntu0.22.04.1
1:102.15.1+build1-0ubuntu0.22.04.1
1:115.*
1:115.3.1+build1-0ubuntu0.22.04.2
1:115.4.1+build1-0ubuntu0.22.04.1
1:115.5.0+build1-0ubuntu0.22.04.1
1:115.6.0+build2-0ubuntu0.22.04.1
1:115.8.1+build1-0ubuntu0.22.04.1
1:115.9.0+build1-0ubuntu0.22.04.1
1:115.10.1+build1-0ubuntu0.22.04.1
1:115.11.0+build2-0ubuntu0.22.04.1
1:115.12.0+build3-0ubuntu0.22.04.1
1:115.13.0+build5-0ubuntu0.22.04.1
1:115.15.0+build1-0ubuntu0.22.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:115.16.0+build2-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-dev",
"binary_version": "1:115.16.0+build2-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:115.16.0+build2-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:115.16.0+build2-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:115.16.0+build2-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:115.16.0+build2-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:115.16.0+build2-0ubuntu0.22.04.1"
}
]
}
Database specific
cves_map
{
"cves": [
{
"id": "CVE-2024-9680",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "high"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}