GLSA 201705-07: Mozilla Thunderbird: Multiple vulnerabilities

http://security.gentoo.org/

Severity:	normal
Title:	Mozilla Thunderbird: Multiple vulnerabilities
Date:	05/09/2017
Bugs:	#611954
ID:	201705-07

Synopsis

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code.

Background

Mozilla Thunderbird is a popular open-source email client from the Mozilla project.

Affected packages

Package	Vulnerable	Unaffected	Architecture(s)
mail-client/thunderbird	< 45.8.0	>= 45.8.0	All supported architectures
mail-client/thunderbird-bin	< 45.8.0	>= 45.8.0	All supported architectures

Description

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker, by enticing a user to open a specially crafted email or web page, could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, spoof content or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Mozilla Thunderbird users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-45.8.0"

All Mozilla Thunderbird binary users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=mail-client/thunderbird-bin-45.8.0"

References

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201705-07.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.