USN-5168-2: Thunderbird vulnerability
1 December 2021
Thunderbird could be made to crash or run programs if it verified a specially crafted signature.
- thunderbird - Mozilla Open Source mail and newsgroup client
Tavis Ormandy discovered that NSS, included with Thunderbird, incorrectly
handled verifying DSA/RSA-PSS signatures. A remote attacker could use this
issue to cause Thunderbird to crash, resulting in a denial of service, or
possibly execute arbitrary code.
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to restart Thunderbird to make
all the necessary changes.