78.5.1 is in hirsute, and in the process of being SRUed to other
supported releases.
** Changed in: thunderbird (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/1906609
Title:
Mozilla Thunderbird SMTP Server Stack-Based Buffer Overflow
Vulnerability
Status in thunderbird package in Ubuntu:
Fix Released
Bug description:
A vulnerability has been reported in Mozilla Thunderbird, which can be
exploited by malicious people to compromise a vulnerable system.
An error when parsing SMTP server status codes can be exploited to cause a
stack-based buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions prior to 78.5.1.
Affected Software
The following software is affected by the described vulnerability.
Please check the vendor links below to see if exactly your version is
affected.
Mozilla Thunderbird 78.x
Solution
Update to version 78.5.1.
References
1. https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/
<https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/>
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1906609/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
