USN-7066-1: Thunderbird vulnerability
14 October 2024
Thunderbird could be made to crash or run programs if it opened a specially crafted file.
Releases
Packages
- thunderbird - Mozilla Open Source mail and newsgroup client
Details
Damien Schaeffer discovered that Thunderbird did not properly manage
certain memory operations when processing content in the Animation
timelines. An attacker could potentially exploit this issue to achieve
arbitrary code execution.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04
Ubuntu 20.04
In general, a standard system update will make all the necessary changes.