all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

USN-5943-1: Thunderbird vulnerabilities

Add to bookmarks
March 13, 2023, 4 a.m. |

Ubuntu security notices ubuntu.com

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2023-0616, CVE-2023-25735,
CVE-2023-25737, CVE-2023-25739, CVE-2023-25729, CVE-2023-25742,
CVE-2023-25746)

Johan Carlsson discovered that Thunderbird did not properly implement CSP
policy on a header when using iframes. An attacker could potentially
exploits this to exfiltrate data. (CVE-2023-25728) …

browsing bypass code context cross-site csp cve denial of service exploit exploits header iframes information policy restrictions security security issues sensitive information service thunderbird tracing usn vulnerabilities website

Visit resource

More from ubuntu.com / Ubuntu security notices

USN-6778-1: Linux kernel vulnerabilities 2 days, 7 hours ago | ubuntu.com
attacker broadcom crash cve +20
USN-6777-1: Linux kernel vulnerabilities 2 days, 7 hours ago | ubuntu.com
attacker broadcom crash cve +20
USN-6776-1: Linux kernel vulnerabilities 2 days, 8 hours ago | ubuntu.com
attacker broadcom crash cve +20
USN-6775-1: Linux kernel vulnerabilities 2 days, 9 hours ago | ubuntu.com
attacker broadcom crash cve +20
USN-6774-1: Linux kernel vulnerabilities 2 days, 10 hours ago | ubuntu.com
attacker broadcom crash cve +18
USN-6773-1: .NET vulnerabilities 2 days, 11 hours ago | ubuntu.com
attacker code code execution cve +10
USN-6766-2: Linux kernel vulnerabilities 3 days, 9 hours ago | ubuntu.com
action attacker conditions crash +19
USN-6772-1: strongSwan vulnerability 4 days, 13 hours ago | ubuntu.com
access access controls attacker bypass +6
USN-6767-2: Linux kernel (BlueField) vulnerabilities 4 days, 16 hours ago | ubuntu.com
attacker compromise crash cve +18

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité

@ Hifield | Sèvres, France
View on infosec-jobs.com

Infrastructure Consultant

@ Telefonica Tech | Belfast, United Kingdom
View on infosec-jobs.com