Source: securityboulevard.com – Author: Rohan Timalsina
In recent Ubuntu and Debian security updates, several vulnerabilities have been addressed in Thunderbird, the popular open-source mail and newsgroup client. Attackers could use these vulnerabilities to cause a denial of service, execute arbitrary code, or disclose sensitive information. The Ubuntu security team has released the patches for Ubuntu 23.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS, whereas the Debian security team has released the patches for Debian 11 and Debian 12.
Recent Thunderbird Vulnerabilities
CVE-2024-2609, CVE-2024-3852, CVE-2024-3864
Multiple security flaws were identified in Thunderbird that a user could trigger unwittingly by opening a specially crafted website in a browsing context (Thunderbird renders remote content with the same Gecko engine as Firefox). Depending on the flaw, the consequences range from denial of service and disclosure of sensitive information to bypass of security restrictions, cross-site tracing, and arbitrary code execution.
CVE-2024-3302
Bartek Nowotarski discovered a vulnerability in Thunderbird’s handling of HTTP/2 CONTINUATION frames: there was no limit on the number of CONTINUATION frames that would be processed. In HTTP/2 a header block is split across a HEADERS frame and any number of CONTINUATION frames, and the receiver must buffer every fragment until one arrives with the END_HEADERS flag set. A malicious server (reached, for example, through a link or remote content that Thunderbird fetches) can therefore stream CONTINUATION frames indefinitely without ever setting END_HEADERS, driving the client into an out-of-memory condition and a denial of service. Thunderbird shares Firefox’s networking stack, which is why this browser-side issue affects the mail client as well.
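The following is an added example, not code from the original post or from Thunderbird/Firefox, that reproduces the mechanism in a toy HTTP/2 frame reassembler: the unpatched path buffers header-block fragments until END_HEADERS arrives, so a server that never sends it grows the buffer without bound, while the hardened path aborts once the buffered total exceeds a cap. Frame layout and flag values follow RFC 9113; the 64 KiB cap, the constructed flood traffic, and the omission of HPACK decoding and the PADDED/PRIORITY fields are simplifications assumed for the example.

```python
"""Toy HTTP/2 header-block reassembly (RFC 9113 framing) showing why
unbounded CONTINUATION handling is a memory-exhaustion bug and how a
cap on the assembled block stops it. Added example, not Thunderbird code."""
import struct

HEADERS, CONTINUATION = 0x1, 0x9      # frame types (RFC 9113 sections 6.2, 6.10)
END_HEADERS = 0x4                      # flag: the header block is complete


class HeaderBlockTooLarge(Exception):
    """Raised by the hardened path when buffered fragments exceed the cap."""


def encode_frame(ftype, flags, stream_id, payload):
    """Serialise one frame: 24-bit length, 8-bit type, 8-bit flags,
    reserved bit + 31-bit stream id, then the payload."""
    assert len(payload) < (1 << 24)
    header = (struct.pack("!I", len(payload))[1:]
              + bytes([ftype, flags])
              + struct.pack("!I", stream_id & 0x7FFFFFFF))
    return header + payload


def iter_frames(data):
    """Yield (type, flags, stream_id, payload) for each frame in data."""
    pos = 0
    while pos + 9 <= len(data):
        length = int.from_bytes(data[pos:pos + 3], "big")
        ftype, flags = data[pos + 3], data[pos + 4]
        stream_id = struct.unpack("!I", data[pos + 5:pos + 9])[0] & 0x7FFFFFFF
        payload = data[pos + 9:pos + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame")
        yield ftype, flags, stream_id, payload
        pos += 9 + length


def assemble_header_block(data, max_block_bytes=None):
    """Buffer HEADERS + CONTINUATION fragments of one header block.

    Returns (block, buffered_bytes); block is None if the peer never sent
    END_HEADERS. With max_block_bytes=None this mirrors the unpatched
    behaviour: every fragment is kept until END_HEADERS arrives, so a
    server that never sends it grows the buffer without bound. With a cap,
    the hardened path aborts (a real client would reset the connection) as
    soon as the buffered total exceeds it. HPACK decoding and the PADDED /
    PRIORITY fields of HEADERS are deliberately not modelled (assumption).
    """
    fragments, total, open_stream = [], 0, None
    for ftype, flags, sid, payload in iter_frames(data):
        if ftype == HEADERS:
            if open_stream is not None:
                raise ValueError("HEADERS while a header block is open")
            open_stream, fragments, total = sid, [payload], len(payload)
        elif ftype == CONTINUATION:
            if open_stream != sid:
                raise ValueError("CONTINUATION without a matching HEADERS")
            fragments.append(payload)
            total += len(payload)
        else:
            if open_stream is not None:
                raise ValueError("other frame interleaved in header block")
            continue
        if max_block_bytes is not None and total > max_block_bytes:
            raise HeaderBlockTooLarge(total)
        if flags & END_HEADERS:
            return b"".join(fragments), total
    return None, total


def continuation_flood(n_frames, frag_size, stream_id=1):
    """Constructed attacker traffic: one HEADERS frame followed by n_frames
    CONTINUATION frames, none of which carries END_HEADERS."""
    frames = [encode_frame(HEADERS, 0, stream_id, b"\x00" * frag_size)]
    frames += [encode_frame(CONTINUATION, 0, stream_id, b"\x00" * frag_size)
               for _ in range(n_frames)]
    return b"".join(frames)


if __name__ == "__main__":
    flood = continuation_flood(n_frames=1000, frag_size=1024)
    _, buffered = assemble_header_block(flood)
    print("unpatched: buffered", buffered, "bytes and still waiting for END_HEADERS")
    try:
        assemble_header_block(flood, max_block_bytes=64 * 1024)
    except HeaderBlockTooLarge as exc:
        print("hardened: aborted after buffering", exc.args[0], "bytes")
```

The flood here is only a million bytes, but nothing in the unpatched path stops a server from continuing for as long as the connection stays open; the cap turns an attacker-controlled allocation into a bounded one, which is the shape of the fix regardless of the exact limit a client chooses.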
CVE-2024-3854, CVE-2024-3857, CVE-2024-3859, CVE-2024-3861
Lukas Bernhard and Ronald Crane uncovered several memory-safety flaws in Thunderbird. These out-of-bounds read bugs could be exploited to crash the client (denial of service) or to leak the contents of adjacent memory, disclosing sensitive data.
Mitigation Measures
To address these vulnerabilities on Ubuntu and Debian systems, update the thunderbird package to the fixed version available for your release (for example with apt) and then restart Thunderbird, since a running instance keeps executing the old code until it is relaunched. Applying the updates promptly closes the window in which these flaws can be exploited.
TuxCare’s KernelCare Enterprise offers live kernel patching for all popular Linux distributions, including Ubuntu, Debian, CentOS, AlmaLinux, RHEL, Rocky Linux, CloudLinux, and more. Unlike conventional patching methods that require a system reboot, KernelCare applies security updates to the running kernel without a reboot or a scheduled maintenance window, and it automates the process so patches are deployed without manual intervention. Note that live kernel patching covers the kernel only: a userspace application such as Thunderbird is updated through the distribution’s package manager, and the running application must be restarted to pick up the fix.
Send patching-related questions to a TuxCare security expert and get advice on modernizing Linux patch management with automation and rebootless patching.
Sources: USN-6750-1, DSA-5670-1
The post Thunderbird Vulnerabilities Fixed in Ubuntu and Debian appeared first on TuxCare.
*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Rohan Timalsina. Read the original post at: https://tuxcare.com/blog/thunderbird-vulnerabilities-fixed-in-ubuntu-and-debian/
Original Post URL: https://securityboulevard.com/2024/05/thunderbird-vulnerabilities-fixed-in-ubuntu-and-debian/
Category & Tags: Security Bloggers Network,arbitrary code execution,Debian 11 Bullseye,Debian 12 Bookworm,Debian Security Advisories,Debian Security Fixes,Denial-of-Service (DoS),Linux & Open Source News,security patches,security vulnerabilites,Thunderbird vulnerabilities,Ubuntu 20.04,Ubuntu 22.04,ubuntu 23.10,Ubuntu Security Fixes,Ubuntu Security Updates