[SECURITY] [DLA 1870-1] thunderbird security update

2019-08-0209:45:59

lists.debian.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.9%

JSON

Package : thunderbird
Version : 1:60.8.0-1~deb8u1
CVE ID : CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712
CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11730

Multiple security issues have been found in Thunderbird which could
potentially result in the execution of arbitrary code, cross-site
scripting, spoofing, information disclosure, denial of service or
cross-site request forgery.

For Debian 8 "Jessie", these problems have been fixed in version
1:60.8.0-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9allicedove-l10n-sr< 1:60.8.0-1~deb9u1icedove-l10n-sr_1:60.8.0-1~deb9u1_all.deb
Debian10allfirefox-esr-l10n-gn< 60.8.0esr-1~deb10u1firefox-esr-l10n-gn_60.8.0esr-1~deb10u1_all.deb
Debian8allfirefox-esr-l10n-uk< 60.8.0esr-1~deb8u1firefox-esr-l10n-uk_60.8.0esr-1~deb8u1_all.deb
Debian9allicedove-l10n-hsb< 1:60.8.0-1~deb9u1icedove-l10n-hsb_1:60.8.0-1~deb9u1_all.deb
Debian8allthunderbird-l10n-sr< 1:60.8.0-1~deb8u1thunderbird-l10n-sr_1:60.8.0-1~deb8u1_all.deb
Debian9alliceowl-l10n-pl< 1:60.8.0-1~deb9u1iceowl-l10n-pl_1:60.8.0-1~deb9u1_all.deb
Debian8allfirefox-esr-l10n-es-mx< 60.8.0esr-1~deb8u1firefox-esr-l10n-es-mx_60.8.0esr-1~deb8u1_all.deb
Debian8alliceweasel-l10n-fi< 1:60.8.0esr-1~deb8u1iceweasel-l10n-fi_1:60.8.0esr-1~deb8u1_all.deb
Debian10allfirefox-esr-l10n-my< 60.8.0esr-1~deb10u1firefox-esr-l10n-my_60.8.0esr-1~deb10u1_all.deb
Debian8alllightning-l10n-pt-br< 1:60.8.0-1~deb8u1lightning-l10n-pt-br_1:60.8.0-1~deb8u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	all	icedove-l10n-sr	< 1:60.8.0-1~deb9u1	icedove-l10n-sr_1:60.8.0-1~deb9u1_all.deb
Debian	10	all	firefox-esr-l10n-gn	< 60.8.0esr-1~deb10u1	firefox-esr-l10n-gn_60.8.0esr-1~deb10u1_all.deb
Debian	8	all	firefox-esr-l10n-uk	< 60.8.0esr-1~deb8u1	firefox-esr-l10n-uk_60.8.0esr-1~deb8u1_all.deb
Debian	9	all	icedove-l10n-hsb	< 1:60.8.0-1~deb9u1	icedove-l10n-hsb_1:60.8.0-1~deb9u1_all.deb
Debian	8	all	thunderbird-l10n-sr	< 1:60.8.0-1~deb8u1	thunderbird-l10n-sr_1:60.8.0-1~deb8u1_all.deb
Debian	9	all	iceowl-l10n-pl	< 1:60.8.0-1~deb9u1	iceowl-l10n-pl_1:60.8.0-1~deb9u1_all.deb
Debian	8	all	firefox-esr-l10n-es-mx	< 60.8.0esr-1~deb8u1	firefox-esr-l10n-es-mx_60.8.0esr-1~deb8u1_all.deb
Debian	8	all	iceweasel-l10n-fi	< 1:60.8.0esr-1~deb8u1	iceweasel-l10n-fi_1:60.8.0esr-1~deb8u1_all.deb
Debian	10	all	firefox-esr-l10n-my	< 60.8.0esr-1~deb10u1	firefox-esr-l10n-my_60.8.0esr-1~deb10u1_all.deb
Debian	8	all	lightning-l10n-pt-br	< 1:60.8.0-1~deb8u1	lightning-l10n-pt-br_1:60.8.0-1~deb8u1_all.deb