Critical Memory Safety Bug, Other Severe Vulns Fixed in Thunderbird
A critical memory safety bug has been discovered in Thunderbird 115.0 and Thunderbird 102.13 (CVE-2023-4056). Because of the severity of this vulnerability's threat to the confidentiality, integrity, and availability of impacted systems, it has received a CVSS base score of 9.8 out of 10 in the National Vulnerability Database. Other severe vulnerabilities have also been found in Thunderbird, including improper validation of the Text Direction Override Unicode character in filenames (CVE-2023-3417) and copying of an untrusted input stream to a stack buffer without checking its size (CVE-2023-4050).
These issues could be exploited to cause a denial of service, obtain sensitive information, bypass security restrictions, perform cross-site tracing, or execute arbitrary code.
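As an added illustration of the filename check that CVE-2023-3417 concerns (this is not code from the advisory or from the Thunderbird project): a small Python filter that spots Unicode bidirectional override characters in an attachment name, shows the name as the operating system will actually store it, and reports the true extension. The reject-on-any-control policy, the helper names and the sample filenames are assumptions.

```python
import unicodedata

# Unicode bidirectional control characters. Embedded in a filename they make the
# rendered text differ from the stored code-point order: "invoice\u202Efdp.exe"
# is displayed as "invoiceexe.pdf" although the real extension is ".exe".
BIDI_CONTROLS = {
    "\u200e", "\u200f",                                 # LRM, RLM marks
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",   # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",             # LRI, RLI, FSI, PDI
}


def find_bidi_controls(name):
    """Return (index, 'U+XXXX', Unicode name) for every bidi control in name."""
    return [(i, f"U+{ord(c):04X}", unicodedata.name(c, "UNKNOWN"))
            for i, c in enumerate(name) if c in BIDI_CONTROLS]


def strip_bidi_controls(name):
    """The filename with the controls removed, i.e. what the OS will see."""
    return "".join(c for c in name if c not in BIDI_CONTROLS)


def true_extension(name):
    """Lower-cased extension of the stripped name, or '' if there is none."""
    base = strip_bidi_controls(name).rsplit("/", 1)[-1]
    root, dot, ext = base.rpartition(".")
    return ext.lower() if dot and root else ""


def check_attachment(name):
    """Verdict a mail gateway or client could apply before showing an attachment.

    Policy assumed here: any bidirectional control in a filename is rejected.
    """
    hits = find_bidi_controls(name)
    return {
        "original": name,
        "controls": hits,
        "display_name": strip_bidi_controls(name),
        "true_extension": true_extension(name),
        "reject": bool(hits),
    }


if __name__ == "__main__":
    # Constructed sample names: one benign, one using the RLO trick.
    for sample in ("report.pdf", "invoice\u202efdp.exe"):
        print(check_attachment(sample))
```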
Critical updates for Thunderbird have been released that mitigate these severe vulnerabilities. We urge all impacted users to apply the updates issued by Debian, Debian LTS, Oracle, Red Hat, Rocky Linux, SciLinux, Slackware, and Ubuntu now to prevent data compromise or loss of system access and to protect their online privacy and security.
To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.
Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).