QID 198711
Date Published: 2022-03-24
QID 198711: Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5345-1)
Extensions of a particular type could auto-updatethemselves and bypass the prompt that requests permissions.
Dragging and dropping an image into a folder couldresult in it being marked as executable.
Files downloaded to /tmp were accessible to otherusers.
Multiple security issues were discovered in thunderbird.
If a user weretricked into opening a specially crafted website in a browsing context,an attacker could potentially exploit these to cause a denial of service,bypass security restrictions, obtain sensitive information, causeundefined behaviour, spoof the browser ui, or execute arbitrary code.
If a userwere tricked into installing a specially crafted extension, an attackercould potentially exploit this to bypass security restrictions.
If a user were tricked intodragging and dropping a specially crafted image, an attacker couldpotentially exploit this to execute arbitrary code.
A local attacker could exploit this to obtain sensitiveinformation.
(cve-2022-26386)a toctou bug was discovered when verifying addon signatures duringinstall.
A local attacker could potentially exploit this to trick auser into installing an addon with an invalid signature.
(cve-2022-26387)an out-of-bounds write by one byte was discovered when processingmessages in some circumstances.
If a user were tricked into opening aspecially crafted message, an attacker could potentially exploit thisto cause a denial of service.
- USN-5345-1 -
ubuntu.com/security/notices/USN-5345-1
CVEs related to QID 198711
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| USN-5345-1 | Ubuntu Linux |
ubuntu.com/security/notices/USN-5345-1 |