Thunderbird Security Issue and Firefox ESR

Alexzee

Alexzee

Well-Known Member
Joined
Jun 1, 2019
Messages
3,755
Reaction score
2,017
Credits
22,451
The Debian Security Team discovered security issue's in Thunderbird.

Code: 
Moritz Muehlenhoff <[email protected]>
    
3:22 PM (22 minutes ago)
    
to debian-security-announce
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5644-1                   [email protected]
https://www.debian.org/security/                       Moritz Muehlenhoff
March 21, 2024                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2023-5388 CVE-2024-0743 CVE-2024-1936 CVE-2024-2607
                 CVE-2024-2608 CVE-2024-2610 CVE-2024-2611 CVE-2024-2612
                 CVE-2024-2614 CVE-2024-2616

Multiple security issues were discovered in Thunderbird, which could
result in denial of service, the execution of arbitrary code or leaks
of encrypted email subjects.

Code: 
 the oldstable distribution (bullseye), these problems have been fixed
in version 1:115.9.0-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 1:115.9.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

I'm glad I didn't install Thunderbird like I was going to.

Still using Gmail and Proton for now.

The Debian Security Team also found security issues in FF ESR.

Code: 
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or information disclosure, bypass of content security policies or
spoofing.

For the oldstable distribution (bullseye), these problems have been fixed
in version 115.9.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 115.9.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

Got both e-mails today-
 


For some reason my FF ESR didn't update automatically this time so I did it manually after seen your post, Thanks
 
Firefox ESR is garbage. If possible you should install full version. As for security leaks, you are glad you didn't install thunderbird but what else do you have installed that has security issues? Hmmm, bet you have no idea. But keep using google GMail because we all know google is perfectly safe and never skims your data.

I have been using thunderbird for years without issue. The security issue is only a problem if the right conditions are met and somebody is targeting you. Is somebody targeting you? Let me splain.... This is similar to bugs bunny cartoon... "You get 1 million dollars for a black eye, as long as you got the black eye from a stampede of wild elephants in your own home between the hours of 3:55 and 4:00 pm on the fourth of july during a hail storm, and one baby zebra."

Is it possible to be hit, yep. Is it likely, Nope. This is why we do updates.
 
LOL Pretty much everything has security issues now and then.

We use responsible disclosure and it tends to work. You should see all the security issues the kernel itself has! If you're glad you didn't install Thunderbird, you're gonna be right tweaked that you installed a Linux kernel.
 
KGIII said:
LOL Pretty much everything has security issues now and then.

We use responsible disclosure and it tends to work. You should see all the security issues the kernel itself has! If you're glad you didn't install Thunderbird, you're gonna be right tweaked that you installed a Linux kernel.
Click to expand...
LOL!

I think using the e-mail client that is on the website where I write my articles for the Linux Community might be a better choice.
 
Alex (hi), I'm moving this to Security.

Thanks for sharing ;)

Chris
 
You must log in or register to reply here.

Members online

Total: 903 (members: 2, guests: 901)

Latest posts

Top