Ubuntu update for Thunderbird
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 13 |
| CVE-ID | CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-9797 CVE-2019-9800 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-5798 CVE-2019-7317 CVE-2019-9816 CVE-2019-11698 CVE-2018-18511 |
| CWE-ID | CWE-416 CWE-119 CWE-264 CWE-20 CWE-125 CWE-843 CWE-451 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
thunderbird (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 13 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU18556
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11691
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in XMLHttpRequest (XHR) in an event loop. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
- Ubuntu 19.04
- thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
- Ubuntu 18.10
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
- Ubuntu 18.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1
thunderbird (Ubuntu package): 1:38.7.2+build1-0ubuntu0.16.04.1 - 1:60.6.1+build2-0ubuntu0.18.10.1
CPE2.3- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.6.1 build2-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.04.1:*:*:*:*:ubuntu:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU18557
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11692
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when listeners are removed from the event listener manager while still in use. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
- Ubuntu 19.04
- thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
- Ubuntu 18.10
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
- Ubuntu 18.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1
thunderbird (Ubuntu package): 1:38.7.2+build1-0ubuntu0.16.04.1 - 1:60.6.1+build2-0ubuntu0.18.10.1
CPE2.3- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.6.1 build2-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.04.1:*:*:*:*:ubuntu:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU18558
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11693
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in bufferdata function in WebGL with specific graphics drivers on Linux. A remote attacker can create a specially crafted web apge, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
- Ubuntu 19.04
- thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
- Ubuntu 18.10
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
- Ubuntu 18.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1
thunderbird (Ubuntu package): 1:38.7.2+build1-0ubuntu0.16.04.1 - 1:60.6.1+build2-0ubuntu0.18.10.1
CPE2.3- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.6.1 build2-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.04.1:*:*:*:*:ubuntu:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU18036
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-9797
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to incorrect implementation of the cross-origin policy when reading images using createImageBitmap. A remote attacker can trick the victim into visiting a specially crafted web page and gain access to images opened in other browser tabs.
Update the affected packages.
- Ubuntu 19.04
- thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
- Ubuntu 18.10
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
- Ubuntu 18.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1
thunderbird (Ubuntu package): 1:38.7.2+build1-0ubuntu0.16.04.1 - 1:60.6.1+build2-0ubuntu0.18.10.1
CPE2.3- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.6.1 build2-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.04.1:*:*:*:*:ubuntu:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU18568
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-9800
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary errors. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
- Ubuntu 19.04
- thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
- Ubuntu 18.10
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
- Ubuntu 18.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1
thunderbird (Ubuntu package): 1:38.7.2+build1-0ubuntu0.16.04.1 - 1:60.6.1+build2-0ubuntu0.18.10.1
CPE2.3- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.6.1 build2-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.04.1:*:*:*:*:ubuntu:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU18551
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-9817
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect access restrictions when reading images from a different domain. A remote attacker can use a canvas object under certain circumstances to violate same-origin policy and read image data from another domain name.
Update the affected packages.
- Ubuntu 19.04
- thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
- Ubuntu 18.10
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
- Ubuntu 18.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1
thunderbird (Ubuntu package): 1:38.7.2+build1-0ubuntu0.16.04.1 - 1:60.6.1+build2-0ubuntu0.18.10.1
CPE2.3- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.6.1 build2-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.04.1:*:*:*:*:ubuntu:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU18553
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-9819
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a JavaScript compartment mismatch when working with the fetch API. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system.
Update the affected packages.
- Ubuntu 19.04
- thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
- Ubuntu 18.10
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
- Ubuntu 18.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1
thunderbird (Ubuntu package): 1:38.7.2+build1-0ubuntu0.16.04.1 - 1:60.6.1+build2-0ubuntu0.18.10.1
CPE2.3- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.6.1 build2-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.04.1:*:*:*:*:ubuntu:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU18554
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-9820
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free in ChromeEventHandler by DocShell. A remote attacker can trick the victim to visit a specially crafted web page, trigger use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
- Ubuntu 19.04
- thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
- Ubuntu 18.10
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
- Ubuntu 18.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1
thunderbird (Ubuntu package): 1:38.7.2+build1-0ubuntu0.16.04.1 - 1:60.6.1+build2-0ubuntu0.18.10.1
CPE2.3- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.6.1 build2-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.04.1:*:*:*:*:ubuntu:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU18572
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2019-5798
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the Skia library during path transformations. A remote attacker can create a specially crafted email, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected packages.
- Ubuntu 19.04
- thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
- Ubuntu 18.10
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
- Ubuntu 18.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1
thunderbird (Ubuntu package): 1:38.7.2+build1-0ubuntu0.16.04.1 - 1:60.6.1+build2-0ubuntu0.18.10.1
CPE2.3- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.6.1 build2-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.04.1:*:*:*:*:ubuntu:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU17708
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-7317
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to a use-after-free memory error in the png_image_free function, as defined in the png.c source code file when calling on png_safe_execute. A remote attacker can send specially crafted data, trigger a call on png_safe_execute and trigger memory corruption, resulting in a DoS condition.
MitigationUpdate the affected packages.
- Ubuntu 19.04
- thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
- Ubuntu 18.10
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
- Ubuntu 18.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1
thunderbird (Ubuntu package): 1:38.7.2+build1-0ubuntu0.16.04.1 - 1:60.6.1+build2-0ubuntu0.18.10.1
CPE2.3- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.6.1 build2-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.04.1:*:*:*:*:ubuntu:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Type Confusion
EUVDB-ID: #VU18550
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-9816
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when manipulating JavaScript objects in object groups via UnboxedObjects. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
- Ubuntu 19.04
- thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
- Ubuntu 18.10
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
- Ubuntu 18.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1
thunderbird (Ubuntu package): 1:38.7.2+build1-0ubuntu0.16.04.1 - 1:60.6.1+build2-0ubuntu0.18.10.1
CPE2.3- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.6.1 build2-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.04.1:*:*:*:*:ubuntu:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Spoofing attack
EUVDB-ID: #VU18563
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11698
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of drag and drop operations. A remote attacker can create a specially crafted hyperlink that when dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data.
Successful exploitation of the vulnerability may allow an attacker to steal user's browser history.
MitigationUpdate the affected packages.
- Ubuntu 19.04
- thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
- Ubuntu 18.10
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
- Ubuntu 18.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1
thunderbird (Ubuntu package): 1:38.7.2+build1-0ubuntu0.16.04.1 - 1:60.6.1+build2-0ubuntu0.18.10.1
CPE2.3- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.6.1 build2-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.04.1:*:*:*:*:ubuntu:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU17654
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-18511
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass same-origin policy.
The vulnerability exists due to an error when processing canvas elements with transferFromImageBitmap method. A remote attacker can create a specially crafted website, trick the victim into visiting it, bypass cross-origin policy and view images loaded in other browser tabs.
Update the affected packages.
- Ubuntu 19.04
- thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
- Ubuntu 18.10
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
- Ubuntu 18.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1
thunderbird (Ubuntu package): 1:38.7.2+build1-0ubuntu0.16.04.1 - 1:60.6.1+build2-0ubuntu0.18.10.1
CPE2.3- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.6.1 build2-0ubuntu0.18.10.1:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:thunderbird_ubuntu_package:1:60.5.3 build1-0ubuntu0.18.04.1:*:*:*:*:ubuntu:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
