[ GLSA 201803-14 ] Mozilla Thunderbird

[GLSA]

Gentoo Linux Security Advisory

Title: Mozilla Thunderbird: Multiple vulnerabilities (GLSA 201803-14)
Severity: normal
Exploitable: remote
Date: 2018-03-28
Bug(s): #627376, #639048, #643842, #645812, #645820
ID: 201803-14

Synopsis

Multiple vulnerabilities have been found in Mozilla Thunderbird,
the worst of which could lead to the execution of arbitrary code.


Background

Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.


Affected Packages

Package: mail-client/thunderbird
Vulnerable: < 52.6.0
Unaffected: >= 52.6.0
Architectures: All supported architectures

Package: mail-client/thunderbird-bin
Vulnerable: < 52.6.0
Unaffected: >= 52.6.0
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the referenced Mozilla Foundation Security Advisories and
CVE identifiers below for details.


Impact

A remote attacker may be able to execute arbitrary code, cause a Denial
of Service condition, obtain sensitive information, conduct URL
hijacking, or conduct cross-site scripting (XSS).


Workaround

There is no known workaround at this time.

Resolution

All Thunderbird users should upgrade to the latest version: