Ubuntu 6415 Published by

A Thunderbird security update has been released for Ubuntu Linux 20.04 LTS, 22.04 LTS, 23.04, and 23.10.

[USN-6468-1] Thunderbird vulnerabilities

Ubuntu Security Notice USN-6468-1
November 02, 2023

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS


Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client


Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2023-5724, CVE-2023-5728,
CVE-2023-5730, CVE-2023-5732)

Kelsey Gilbert discovered that Thunderbird did not properly manage certain
browser prompts and dialogs due to an insufficient activation-delay. An
attacker could potentially exploit this issue to perform clickjacking.

Shaheen Fazim discovered that Thunderbird did not properly validate the URLs
open by installed WebExtension. An attacker could potentially exploit this
issue to obtain sensitive information. (CVE-2023-5725)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
thunderbird 1:115.4.1+build1-0ubuntu0.23.10.1

Ubuntu 23.04:
thunderbird 1:115.4.1+build1-0ubuntu0.23.04.1

Ubuntu 22.04 LTS:
thunderbird 1:115.4.1+build1-0ubuntu0.22.04.1

Ubuntu 20.04 LTS:
thunderbird 1:115.4.1+build1-0ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

CVE-2023-5721, CVE-2023-5724, CVE-2023-5725, CVE-2023-5728,
CVE-2023-5730, CVE-2023-5732

Package Information: