Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0313 USN-5246-1: Thunderbird vulnerabilities 24 January 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Thunderbird Publisher: Ubuntu Operating System: Ubuntu Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Unauthorised Access -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2022-22751 CVE-2022-22748 CVE-2022-22747 CVE-2022-22745 CVE-2022-22743 CVE-2022-22742 CVE-2022-22741 CVE-2022-22740 CVE-2022-22739 CVE-2022-22738 CVE-2022-22737 CVE-2021-44538 CVE-2021-43656 CVE-2021-43546 CVE-2021-43545 CVE-2021-43543 CVE-2021-43542 CVE-2021-43541 CVE-2021-43539 CVE-2021-43538 CVE-2021-43537 CVE-2021-43536 CVE-2021-43535 CVE-2021-43534 CVE-2021-43528 CVE-2021-38509 CVE-2021-38508 CVE-2021-38507 CVE-2021-38506 CVE-2021-38504 CVE-2021-38503 CVE-2021-38502 CVE-2021-38501 CVE-2021-38500 CVE-2021-38498 CVE-2021-38497 CVE-2021-38496 CVE-2021-38495 CVE-2021-29991 CVE-2021-29987 CVE-2021-29982 CVE-2021-29981 CVE-2021-4140 CVE-2021-4129 CVE-2021-4126 Reference: ESB-2022.0202 ESB-2022.0173 ESB-2022.0152 ESB-2022.0115 Original Bulletin: https://ubuntu.com/security/notices/USN-5246-1 https://ubuntu.com/security/notices/USN-5248-1 Comment: This bulletin contains two (2) Ubuntu security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- USN-5246-1: Thunderbird vulnerabilities 21 January 2022 Several security issues were fixed in Thunderbird. Releases o Ubuntu 21.10 Packages o thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass security restrictions, or execute arbitrary code. ( CVE-2021-4129 , CVE-2021-4140 , CVE-2021-43536 , CVE-2021-43537 , CVE-2021-43538 , CVE-2021-43539 , CVE-2021-43541 , CVE-2021-43542 , CVE-2021-43543 , CVE-2021-43545 , CVE-2021-43656 , CVE-2022-22737 , CVE-2022-22738 , CVE-2022-22739 , CVE-2022-22740 , CVE-2022-22741 , CVE-2022-22742 , CVE-2022-22743 , CVE-2022-22745 , CVE-2022-22747 , CVE-2022-22748 , CVE-2022-22751 ) It was discovered that JavaScript was unexpectedly enabled in the composition area. An attacker could potentially exploit this in combination with another vulnerability, with unspecified impacts. ( CVE-2021-43528 ) A buffer overflow was discovered in the Matrix chat library bundled with Thunderbird. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. ( CVE-2021-44538 ) It was discovered that Thunderbird's OpenPGP integration only considered the inner signed message when checking signature validity in a message that contains an additional outer MIME layer. An attacker could potentially exploit this to trick the user into thinking that a message has a valid signature. ( CVE-2021-4126 ) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10 o thunderbird - 1:91.5.0+build1-0ubuntu0.21.10.1 After a standard system update you need to restart Thunderbird to make all the necessary changes. References o CVE-2021-4140 o CVE-2021-43541 o CVE-2022-22742 o CVE-2022-22741 o CVE-2021-44538 o CVE-2022-22738 o CVE-2021-43542 o CVE-2022-22751 o CVE-2022-22743 o CVE-2021-43545 o CVE-2022-22740 o CVE-2022-22747 o CVE-2022-22739 o CVE-2021-43546 o CVE-2021-43543 o CVE-2022-22745 o CVE-2022-22737 o CVE-2021-4126 o CVE-2021-43539 o CVE-2021-43537 o CVE-2021-43536 o CVE-2021-43528 o CVE-2021-4129 o CVE-2022-22748 o CVE-2021-43538 Related notices o USN-5248-1 : thunderbird-locale-fi, thunderbird-locale-gd, thunderbird-locale-cy, thunderbird-locale-pa, thunderbird-locale-af, thunderbird-locale-ar, thunderbird, thunderbird-locale-si, thunderbird-locale-hy, thunderbird-locale-mk, thunderbird-locale-rm, thunderbird-locale-ga, thunderbird-locale-bg, thunderbird-locale-et, thunderbird-locale-sq, thunderbird-locale-uz, thunderbird-locale-be, thunderbird-locale-ro, thunderbird-locale-hr, thunderbird-locale-fa, thunderbird-locale-ta-lk, thunderbird-locale-nl, thunderbird-locale-da, thunderbird-locale-bn-bd, thunderbird-locale-es-es, thunderbird-locale-th, thunderbird-locale-el, thunderbird-locale-is, thunderbird-locale-sl, thunderbird-locale-sv-se, thunderbird-locale-ta, thunderbird-locale-pt-pt, thunderbird-locale-vi, thunderbird-locale-en-gb, thunderbird-locale-pa-in, thunderbird-locale-en-us, thunderbird-locale-nn-no, thunderbird-locale-he, thunderbird-locale-ms, thunderbird-locale-id, thunderbird-locale-lt, thunderbird-locale-ko, thunderbird-locale-ru, thunderbird-locale-bn, thunderbird-locale-zh-cn, thunderbird-gnome-support, thunderbird-locale-sv, thunderbird-locale-hu, thunderbird-locale-pt, thunderbird-locale-nb-no, thunderbird-locale-fr, thunderbird-locale-fy, thunderbird-locale-ca, thunderbird-mozsymbols, thunderbird-locale-br, thunderbird-locale-pl, thunderbird-locale-ast, thunderbird-locale-eu, thunderbird-locale-en, thunderbird-locale-ja, thunderbird-locale-kab, thunderbird-locale-dsb, thunderbird-locale-it, xul-ext-calendar-timezones, thunderbird-locale-cs, thunderbird-locale-es, thunderbird-locale-ka, xul-ext-lightning, thunderbird-locale-zh-hans, thunderbird-locale-nn, thunderbird-locale-zh-hant, thunderbird-locale-cak, thunderbird-locale-zh-tw, thunderbird-locale-hsb, thunderbird-locale-lv, thunderbird-locale-tr, thunderbird-dev, thunderbird-locale-pt-br, thunderbird-locale-de, thunderbird-locale-uk, thunderbird-locale-es-ar, thunderbird-locale-gl, thunderbird-locale-kk, thunderbird-locale-sr, thunderbird-locale-ga-ie, xul-ext-gdata-provider, thunderbird-locale-nb, thunderbird-locale-fy-nl, thunderbird-locale-sk o USN-5186-1 : firefox-locale-kab, firefox-locale-id, firefox-locale-fy, firefox-locale-bg, firefox-locale-lg, firefox-locale-mr, firefox-locale-mk, firefox-locale-xh, firefox-locale-eu, firefox-locale-uz, firefox-locale-af, firefox-locale-es, firefox-locale-te, firefox-locale-ur, firefox-locale-pl, firefox-locale-km, firefox-locale-gd, firefox-locale-ga, firefox-locale-ms, firefox-locale-ko, firefox-locale-ja, firefox-locale-fr, firefox-locale-ka, firefox-locale-eo, firefox-locale-hy, firefox-locale-ml, firefox-locale-ne, firefox-locale-ta, firefox-locale-da, firefox-locale-bs, firefox-locale-vi, firefox-locale-nb, firefox-dev, firefox-locale-ca, firefox-locale-nso, firefox-locale-bn, firefox-locale-br, firefox-locale-mai, firefox-locale-en, firefox-locale-nn, firefox-locale-hr, firefox-locale-kk, firefox-locale-tr, firefox-locale-ro, firefox-locale-az, firefox-locale-kn, firefox-locale-lt, firefox-locale-sq, firefox-locale-cs, firefox-locale-mn, firefox-locale-ia, firefox-locale-nl, firefox-locale-sv, firefox-locale-pt, firefox-locale-pa, firefox-geckodriver, firefox-locale-fa, firefox-locale-gl, firefox-locale-oc, firefox-locale-hi, firefox-locale-or, firefox-locale-my, firefox-locale-sr, firefox-locale-ar, firefox, firefox-locale-gu, firefox-locale-ru, firefox-locale-th, firefox-locale-sw, firefox-locale-it, firefox-locale-as, firefox-locale-csb, firefox-locale-szl, firefox-mozsymbols, firefox-locale-ast, firefox-locale-gn, firefox-locale-is, firefox-locale-zh-hant, firefox-locale-si, firefox-locale-cy, firefox-locale-hsb, firefox-locale-el, firefox-locale-de, firefox-locale-lv, firefox-locale-be, firefox-locale-et, firefox-locale-zh-hans, firefox-locale-zu, firefox-locale-he, firefox-locale-fi, firefox-locale-hu, firefox-locale-uk, firefox-locale-ku, firefox-locale-cak, firefox-locale-sl, firefox-locale-sk, firefox-locale-an o USN-5229-1 : firefox-locale-kab, firefox-locale-id, firefox-locale-fy, firefox-locale-bg, firefox-locale-lg, firefox-locale-mr, firefox-locale-mk, firefox-locale-xh, firefox-locale-eu, firefox-locale-uz, firefox-locale-af, firefox-locale-es, firefox-locale-te, firefox-locale-ur, firefox-locale-pl, firefox-locale-km, firefox-locale-gd, firefox-locale-ga, firefox-locale-ms, firefox-locale-ko, firefox-locale-ja, firefox-locale-fr, firefox-locale-ka, firefox-locale-eo, firefox-locale-hy, firefox-locale-ml, firefox-locale-ne, firefox-locale-ta, firefox-locale-da, firefox-locale-bs, firefox-locale-vi, firefox-locale-nb, firefox-dev, firefox-locale-ca, firefox-locale-nso, firefox-locale-bn, firefox-locale-br, firefox-locale-mai, firefox-locale-en, firefox-locale-nn, firefox-locale-hr, firefox-locale-kk, firefox-locale-tr, firefox-locale-ro, firefox-locale-az, firefox-locale-kn, firefox-locale-lt, firefox-locale-sq, firefox-locale-cs, firefox-locale-mn, firefox-locale-ia, firefox-locale-nl, firefox-locale-sv, firefox-locale-pt, firefox-locale-pa, firefox-geckodriver, firefox-locale-fa, firefox-locale-gl, firefox-locale-oc, firefox-locale-hi, firefox-locale-or, firefox-locale-my, firefox-locale-sr, firefox-locale-ar, firefox, firefox-locale-gu, firefox-locale-ru, firefox-locale-th, firefox-locale-sw, firefox-locale-it, firefox-locale-as, firefox-locale-csb, firefox-locale-szl, firefox-mozsymbols, firefox-locale-ast, firefox-locale-gn, firefox-locale-is, firefox-locale-zh-hant, firefox-locale-si, firefox-locale-cy, firefox-locale-hsb, firefox-locale-el, firefox-locale-de, firefox-locale-lv, firefox-locale-be, firefox-locale-et, firefox-locale-zh-hans, firefox-locale-zu, firefox-locale-he, firefox-locale-fi, firefox-locale-hu, firefox-locale-uk, firefox-locale-ku, firefox-locale-cak, firefox-locale-sl, firefox-locale-sk, firefox-locale-an - ------------------------------------------------------------------------------ USN-5248-1: Thunderbird vulnerabilities 21 January 2022 Several security issues were fixed in Thunderbird. Releases o Ubuntu 20.04 LTS o Ubuntu 18.04 LTS Packages o thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, conduct header splitting attacks, conduct spoofing attacks, bypass security restrictions, confuse the user, or execute arbitrary code. ( CVE-2021-4129 , CVE-2021-4140 , CVE-2021-29981 , CVE-2021-29982 , CVE-2021-29987 , CVE-2021-29991 , CVE-2021-38495 , CVE-2021-38496 , CVE-2021-38497 , CVE-2021-38498 , CVE-2021-38500 , CVE-2021-38501 , CVE-2021-38503 , CVE-2021-38504 , CVE-2021-38506 , CVE-2021-38507 , CVE-2021-38508 , CVE-2021-38509 , CVE-2021-43534 , CVE-2021-43535 , CVE-2021-43536 , CVE-2021-43537 , CVE-2021-43538 , CVE-2021-43539 , CVE-2021-43541 , CVE-2021-43542 , CVE-2021-43543 , CVE-2021-43545 , CVE-2021-43656 , CVE-2022-22737 , CVE-2022-22738 , CVE-2022-22739 , CVE-2022-22740 , CVE-2022-22741 , CVE-2022-22742 , CVE-2022-22743 , CVE-2022-22745 , CVE-2022-22747 , CVE-2022-22748 , CVE-2022-22751 ) It was discovered that Thunderbird ignored the configuration to require STARTTLS for an SMTP connection. A person-in-the-middle could potentially exploit this to perform a downgrade attack in order to intercept messages or take control of a session. ( CVE-2021-38502 ) It was discovered that JavaScript was unexpectedly enabled in the composition area. An attacker could potentially exploit this in combination with another vulnerability, with unspecified impacts. ( CVE-2021-43528 ) A buffer overflow was discovered in the Matrix chat library bundled with Thunderbird. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. ( CVE-2021-44538 ) It was discovered that Thunderbird's OpenPGP integration only considered the inner signed message when checking signature validity in a message that contains an additional outer MIME layer. An attacker could potentially exploit this to trick the user into thinking that a message has a valid signature. ( CVE-2021-4126 ) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 o thunderbird - 1:91.5.0+build1-0ubuntu0.20.04.1 Ubuntu 18.04 o thunderbird - 1:91.5.0+build1-0ubuntu0.18.04.1 After a standard system update you need to restart Thunderbird to make all the necessary changes. References o CVE-2022-22742 o CVE-2021-43543 o CVE-2021-43546 o CVE-2021-4126 o CVE-2021-38500 o CVE-2021-4140 o CVE-2022-22747 o CVE-2021-38506 o CVE-2021-43528 o CVE-2021-38496 o CVE-2021-43534 o CVE-2021-43536 o CVE-2022-22745 o CVE-2022-22741 o CVE-2021-29991 o CVE-2021-38509 o CVE-2021-38498 o CVE-2021-29982 o CVE-2021-43545 o CVE-2021-38495 o CVE-2021-38497 o CVE-2022-22737 o CVE-2021-38504 o CVE-2021-43541 o CVE-2022-22738 o CVE-2021-44538 o CVE-2022-22740 o CVE-2021-4129 o CVE-2021-38502 o CVE-2022-22751 o CVE-2021-43537 o CVE-2022-22748 o CVE-2021-43542 o CVE-2022-22743 o CVE-2021-38507 o CVE-2021-29981 o CVE-2021-43538 o CVE-2021-43535 o CVE-2022-22739 o CVE-2021-38501 o CVE-2021-29987 o CVE-2021-38508 o CVE-2021-38503 o CVE-2021-43539 Related notices o USN-5037-1 : firefox-locale-km, firefox-locale-ia, firefox-locale-eu, firefox-locale-ku, firefox-locale-de, firefox-locale-gd, firefox-locale-fi, firefox-locale-da, firefox-mozsymbols, firefox-geckodriver, firefox-locale-nso, firefox-locale-ml, firefox-locale-ko, firefox-locale-nn, firefox-locale-th, firefox-locale-ne, firefox-locale-el, firefox-locale-mn, firefox-locale-gn, firefox-locale-uz, firefox-locale-hy, firefox-locale-az, firefox-locale-or, firefox-locale-gl, firefox-locale-en, firefox-locale-is, firefox-locale-ar, firefox-locale-csb, firefox-locale-pl, firefox-locale-ta, firefox-locale-nl, firefox-locale-mk, firefox-locale-my, firefox-locale-kn, firefox-locale-lv, firefox, firefox-locale-hi, firefox-locale-sl, firefox-locale-sv, firefox-locale-as, firefox-locale-hsb, firefox-locale-br, firefox-locale-pa, firefox-locale-lt, firefox-locale-es, firefox-locale-mr, firefox-locale-mai, firefox-locale-kab, firefox-locale-id, firefox-locale-zh-hans, firefox-locale-bg, firefox-locale-ms, firefox-locale-gu, firefox-locale-pt, firefox-locale-cy, firefox-locale-szl, firefox-locale-nb, firefox-locale-fa, firefox-locale-hr, firefox-locale-hu, firefox-locale-cak, firefox-locale-uk, firefox-locale-vi, firefox-locale-lg, firefox-locale-be, firefox-locale-kk, firefox-locale-ast, firefox-locale-sw, firefox-locale-it, firefox-locale-fr, firefox-locale-ga, firefox-locale-eo, firefox-locale-ro, firefox-locale-ca, firefox-locale-sq, firefox-locale-tr, firefox-locale-oc, firefox-locale-he, firefox-locale-fy, firefox-locale-et, firefox-locale-ka, firefox-locale-cs, firefox-locale-bn, firefox-locale-ja, firefox-locale-sk, firefox-locale-si, firefox-locale-zh-hant, firefox-locale-zu, firefox-locale-xh, firefox-locale-bs, firefox-locale-sr, firefox-locale-an, firefox-locale-te, firefox-locale-ru, firefox-locale-ur, firefox-dev, firefox-locale-af o USN-5186-1 : firefox-locale-km, firefox-locale-ia, firefox-locale-eu, firefox-locale-ku, firefox-locale-de, firefox-locale-gd, firefox-locale-fi, firefox-locale-da, firefox-mozsymbols, firefox-geckodriver, firefox-locale-nso, firefox-locale-ml, firefox-locale-ko, firefox-locale-nn, firefox-locale-th, firefox-locale-ne, firefox-locale-el, firefox-locale-mn, firefox-locale-gn, firefox-locale-uz, firefox-locale-hy, firefox-locale-az, firefox-locale-or, firefox-locale-gl, firefox-locale-en, firefox-locale-is, firefox-locale-ar, firefox-locale-csb, firefox-locale-pl, firefox-locale-ta, firefox-locale-nl, firefox-locale-mk, firefox-locale-my, firefox-locale-kn, firefox-locale-lv, firefox, firefox-locale-hi, firefox-locale-sl, firefox-locale-sv, firefox-locale-as, firefox-locale-hsb, firefox-locale-br, firefox-locale-pa, firefox-locale-lt, firefox-locale-es, firefox-locale-mr, firefox-locale-mai, firefox-locale-kab, firefox-locale-id, firefox-locale-zh-hans, firefox-locale-bg, firefox-locale-ms, firefox-locale-gu, firefox-locale-pt, firefox-locale-cy, firefox-locale-szl, firefox-locale-nb, firefox-locale-fa, firefox-locale-hr, firefox-locale-hu, firefox-locale-cak, firefox-locale-uk, firefox-locale-vi, firefox-locale-lg, firefox-locale-be, firefox-locale-kk, firefox-locale-ast, firefox-locale-sw, firefox-locale-it, firefox-locale-fr, firefox-locale-ga, firefox-locale-eo, firefox-locale-ro, firefox-locale-ca, firefox-locale-sq, firefox-locale-tr, firefox-locale-oc, firefox-locale-he, firefox-locale-fy, firefox-locale-et, firefox-locale-ka, firefox-locale-cs, firefox-locale-bn, firefox-locale-ja, firefox-locale-sk, firefox-locale-si, firefox-locale-zh-hant, firefox-locale-zu, firefox-locale-xh, firefox-locale-bs, firefox-locale-sr, firefox-locale-an, firefox-locale-te, firefox-locale-ru, firefox-locale-ur, firefox-dev, firefox-locale-af o USN-5131-1 : firefox-locale-km, firefox-locale-ia, firefox-locale-eu, firefox-locale-ku, firefox-locale-de, firefox-locale-gd, firefox-locale-fi, firefox-locale-da, firefox-mozsymbols, firefox-geckodriver, firefox-locale-nso, firefox-locale-ml, firefox-locale-ko, firefox-locale-nn, firefox-locale-th, firefox-locale-ne, firefox-locale-el, firefox-locale-mn, firefox-locale-gn, firefox-locale-uz, firefox-locale-hy, firefox-locale-az, firefox-locale-or, firefox-locale-gl, firefox-locale-en, firefox-locale-is, firefox-locale-ar, firefox-locale-csb, firefox-locale-pl, firefox-locale-ta, firefox-locale-nl, firefox-locale-mk, firefox-locale-my, firefox-locale-kn, firefox-locale-lv, firefox, firefox-locale-hi, firefox-locale-sl, firefox-locale-sv, firefox-locale-as, firefox-locale-hsb, firefox-locale-br, firefox-locale-pa, firefox-locale-lt, firefox-locale-es, firefox-locale-mr, firefox-locale-mai, firefox-locale-kab, firefox-locale-id, firefox-locale-zh-hans, firefox-locale-bg, firefox-locale-ms, firefox-locale-gu, firefox-locale-pt, firefox-locale-cy, firefox-locale-szl, firefox-locale-nb, firefox-locale-fa, firefox-locale-hr, firefox-locale-hu, firefox-locale-cak, firefox-locale-uk, firefox-locale-vi, firefox-locale-lg, firefox-locale-be, firefox-locale-kk, firefox-locale-ast, firefox-locale-sw, firefox-locale-it, firefox-locale-fr, firefox-locale-ga, firefox-locale-eo, firefox-locale-ro, firefox-locale-ca, firefox-locale-sq, firefox-locale-tr, firefox-locale-oc, firefox-locale-he, firefox-locale-fy, firefox-locale-et, firefox-locale-ka, firefox-locale-cs, firefox-locale-bn, firefox-locale-ja, firefox-locale-sk, firefox-locale-si, firefox-locale-zh-hant, firefox-locale-zu, firefox-locale-xh, firefox-locale-bs, firefox-locale-sr, firefox-locale-an, firefox-locale-te, firefox-locale-ru, firefox-locale-ur, firefox-dev, firefox-locale-af o USN-5229-1 : firefox-locale-km, firefox-locale-ia, firefox-locale-eu, firefox-locale-ku, firefox-locale-de, firefox-locale-gd, firefox-locale-fi, firefox-locale-da, firefox-mozsymbols, firefox-geckodriver, firefox-locale-nso, firefox-locale-ml, firefox-locale-ko, firefox-locale-nn, firefox-locale-th, firefox-locale-ne, firefox-locale-el, firefox-locale-mn, firefox-locale-gn, firefox-locale-uz, firefox-locale-hy, firefox-locale-az, firefox-locale-or, firefox-locale-gl, firefox-locale-en, firefox-locale-is, firefox-locale-ar, firefox-locale-csb, firefox-locale-pl, firefox-locale-ta, firefox-locale-nl, firefox-locale-mk, firefox-locale-my, firefox-locale-kn, firefox-locale-lv, firefox, firefox-locale-hi, firefox-locale-sl, firefox-locale-sv, firefox-locale-as, firefox-locale-hsb, firefox-locale-br, firefox-locale-pa, firefox-locale-lt, firefox-locale-es, firefox-locale-mr, firefox-locale-mai, firefox-locale-kab, firefox-locale-id, firefox-locale-zh-hans, firefox-locale-bg, firefox-locale-ms, firefox-locale-gu, firefox-locale-pt, firefox-locale-cy, firefox-locale-szl, firefox-locale-nb, firefox-locale-fa, firefox-locale-hr, firefox-locale-hu, firefox-locale-cak, firefox-locale-uk, firefox-locale-vi, firefox-locale-lg, firefox-locale-be, firefox-locale-kk, firefox-locale-ast, firefox-locale-sw, firefox-locale-it, firefox-locale-fr, firefox-locale-ga, firefox-locale-eo, firefox-locale-ro, firefox-locale-ca, firefox-locale-sq, firefox-locale-tr, firefox-locale-oc, firefox-locale-he, firefox-locale-fy, firefox-locale-et, firefox-locale-ka, firefox-locale-cs, firefox-locale-bn, firefox-locale-ja, firefox-locale-sk, firefox-locale-si, firefox-locale-zh-hant, firefox-locale-zu, firefox-locale-xh, firefox-locale-bs, firefox-locale-sr, firefox-locale-an, firefox-locale-te, firefox-locale-ru, firefox-locale-ur, firefox-dev, firefox-locale-af o USN-5132-1 : thunderbird-locale-vi, thunderbird-locale-zh-tw, thunderbird-locale-et, thunderbird-locale-eu, thunderbird-locale-bn-bd, thunderbird-locale-ru, thunderbird-locale-fy-nl, thunderbird-locale-hr, thunderbird-locale-lt, thunderbird-locale-sv, thunderbird-dev, thunderbird-locale-zh-hant, thunderbird-locale-af, thunderbird-locale-kk, thunderbird-locale-ar, thunderbird, thunderbird-locale-da, thunderbird-locale-rm, thunderbird-locale-ms, thunderbird-locale-uk, thunderbird-locale-en-us, xul-ext-calendar-timezones, thunderbird-locale-sq, xul-ext-gdata-provider, thunderbird-gnome-support, xul-ext-lightning, thunderbird-locale-nn-no, thunderbird-locale-pt-br, thunderbird-locale-he, thunderbird-locale-id, thunderbird-locale-sr, thunderbird-locale-zh-hans, thunderbird-locale-be, thunderbird-locale-gd, thunderbird-locale-hy, thunderbird-locale-de, thunderbird-locale-bg, thunderbird-locale-fi, thunderbird-locale-nb, thunderbird-locale-ga-ie, thunderbird-locale-el, thunderbird-locale-sk, thunderbird-locale-si, thunderbird-locale-nn, thunderbird-mozsymbols, thunderbird-locale-bn, thunderbird-locale-th, thunderbird-locale-is, thunderbird-locale-cs, thunderbird-locale-pa, thunderbird-locale-ta, thunderbird-locale-pl, thunderbird-locale-es-ar, thunderbird-locale-ko, thunderbird-locale-pa-in, thunderbird-locale-ga, thunderbird-locale-nl, thunderbird-locale-pt, thunderbird-locale-pt-pt, thunderbird-locale-ja, thunderbird-locale-kab, thunderbird-locale-en, thunderbird-locale-mk, thunderbird-locale-fy, thunderbird-locale-es-es, thunderbird-locale-gl, thunderbird-locale-zh-cn, thunderbird-locale-cak, thunderbird-locale-ta-lk, thunderbird-locale-nb-no, thunderbird-locale-it, thunderbird-locale-hu, thunderbird-locale-cy, thunderbird-locale-fa, thunderbird-locale-ca, thunderbird-locale-dsb, thunderbird-locale-uz, thunderbird-locale-en-gb, thunderbird-locale-hsb, thunderbird-locale-ast, thunderbird-locale-lv, thunderbird-locale-ro, thunderbird-locale-br, thunderbird-locale-es, thunderbird-locale-tr, thunderbird-locale-fr, thunderbird-locale-sl, thunderbird-locale-sv-se, thunderbird-locale-ka o USN-5246-1 : thunderbird-locale-vi, thunderbird-locale-zh-tw, thunderbird-locale-et, thunderbird-locale-eu, thunderbird-locale-bn-bd, thunderbird-locale-ru, thunderbird-locale-fy-nl, thunderbird-locale-hr, thunderbird-locale-lt, thunderbird-locale-sv, thunderbird-dev, thunderbird-locale-zh-hant, thunderbird-locale-af, thunderbird-locale-kk, thunderbird-locale-ar, thunderbird, thunderbird-locale-da, thunderbird-locale-rm, thunderbird-locale-ms, thunderbird-locale-uk, thunderbird-locale-en-us, xul-ext-calendar-timezones, thunderbird-locale-sq, xul-ext-gdata-provider, thunderbird-gnome-support, xul-ext-lightning, thunderbird-locale-nn-no, thunderbird-locale-pt-br, thunderbird-locale-he, thunderbird-locale-id, thunderbird-locale-sr, thunderbird-locale-zh-hans, thunderbird-locale-be, thunderbird-locale-gd, thunderbird-locale-hy, thunderbird-locale-de, thunderbird-locale-bg, thunderbird-locale-fi, thunderbird-locale-nb, thunderbird-locale-ga-ie, thunderbird-locale-el, thunderbird-locale-sk, thunderbird-locale-si, thunderbird-locale-nn, thunderbird-mozsymbols, thunderbird-locale-bn, thunderbird-locale-th, thunderbird-locale-is, thunderbird-locale-cs, thunderbird-locale-pa, thunderbird-locale-ta, thunderbird-locale-pl, thunderbird-locale-es-ar, thunderbird-locale-ko, thunderbird-locale-pa-in, thunderbird-locale-ga, thunderbird-locale-nl, thunderbird-locale-pt, thunderbird-locale-pt-pt, thunderbird-locale-ja, thunderbird-locale-kab, thunderbird-locale-en, thunderbird-locale-mk, thunderbird-locale-fy, thunderbird-locale-es-es, thunderbird-locale-gl, thunderbird-locale-zh-cn, thunderbird-locale-cak, thunderbird-locale-ta-lk, thunderbird-locale-nb-no, thunderbird-locale-it, thunderbird-locale-hu, thunderbird-locale-cy, thunderbird-locale-fa, thunderbird-locale-ca, thunderbird-locale-dsb, thunderbird-locale-uz, thunderbird-locale-en-gb, thunderbird-locale-hsb, thunderbird-locale-ast, thunderbird-locale-lv, thunderbird-locale-ro, thunderbird-locale-br, thunderbird-locale-es, thunderbird-locale-tr, thunderbird-locale-fr, thunderbird-locale-sl, thunderbird-locale-sv-se, thunderbird-locale-ka o USN-5152-1 : thunderbird-locale-vi, thunderbird-locale-zh-tw, thunderbird-locale-et, thunderbird-locale-eu, thunderbird-locale-bn-bd, thunderbird-locale-ru, thunderbird-locale-fy-nl, thunderbird-locale-hr, thunderbird-locale-lt, thunderbird-locale-sv, thunderbird-dev, thunderbird-locale-zh-hant, thunderbird-locale-af, thunderbird-locale-kk, thunderbird-locale-ar, thunderbird, thunderbird-locale-da, thunderbird-locale-rm, thunderbird-locale-ms, thunderbird-locale-uk, thunderbird-locale-en-us, xul-ext-calendar-timezones, thunderbird-locale-sq, xul-ext-gdata-provider, thunderbird-gnome-support, xul-ext-lightning, thunderbird-locale-nn-no, thunderbird-locale-pt-br, thunderbird-locale-he, thunderbird-locale-id, thunderbird-locale-sr, thunderbird-locale-zh-hans, thunderbird-locale-be, thunderbird-locale-gd, thunderbird-locale-hy, thunderbird-locale-de, thunderbird-locale-bg, thunderbird-locale-fi, thunderbird-locale-nb, thunderbird-locale-ga-ie, thunderbird-locale-el, thunderbird-locale-sk, thunderbird-locale-si, thunderbird-locale-nn, thunderbird-mozsymbols, thunderbird-locale-bn, thunderbird-locale-th, thunderbird-locale-is, thunderbird-locale-cs, thunderbird-locale-pa, thunderbird-locale-ta, thunderbird-locale-pl, thunderbird-locale-es-ar, thunderbird-locale-ko, thunderbird-locale-pa-in, thunderbird-locale-ga, thunderbird-locale-nl, thunderbird-locale-pt, thunderbird-locale-pt-pt, thunderbird-locale-ja, thunderbird-locale-kab, thunderbird-locale-en, thunderbird-locale-mk, thunderbird-locale-fy, thunderbird-locale-es-es, thunderbird-locale-gl, thunderbird-locale-zh-cn, thunderbird-locale-cak, thunderbird-locale-ta-lk, thunderbird-locale-nb-no, thunderbird-locale-it, thunderbird-locale-hu, thunderbird-locale-cy, thunderbird-locale-fa, thunderbird-locale-ca, thunderbird-locale-dsb, thunderbird-locale-uz, thunderbird-locale-en-gb, thunderbird-locale-hsb, thunderbird-locale-ast, thunderbird-locale-lv, thunderbird-locale-ro, thunderbird-locale-br, thunderbird-locale-es, thunderbird-locale-tr, thunderbird-locale-fr, thunderbird-locale-sl, thunderbird-locale-sv-se, thunderbird-locale-ka o USN-5107-1 : firefox-locale-km, firefox-locale-ia, firefox-locale-eu, firefox-locale-ku, firefox-locale-de, firefox-locale-gd, firefox-locale-fi, firefox-locale-da, firefox-mozsymbols, firefox-geckodriver, firefox-locale-nso, firefox-locale-ml, firefox-locale-ko, firefox-locale-nn, firefox-locale-th, firefox-locale-ne, firefox-locale-el, firefox-locale-mn, firefox-locale-gn, firefox-locale-uz, firefox-locale-hy, firefox-locale-az, firefox-locale-or, firefox-locale-gl, firefox-locale-en, firefox-locale-is, firefox-locale-ar, firefox-locale-csb, firefox-locale-pl, firefox-locale-ta, firefox-locale-nl, firefox-locale-mk, firefox-locale-my, firefox-locale-kn, firefox-locale-lv, firefox, firefox-locale-hi, firefox-locale-sl, firefox-locale-sv, firefox-locale-as, firefox-locale-hsb, firefox-locale-br, firefox-locale-pa, firefox-locale-lt, firefox-locale-es, firefox-locale-mr, firefox-locale-mai, firefox-locale-kab, firefox-locale-id, firefox-locale-zh-hans, firefox-locale-bg, firefox-locale-ms, firefox-locale-gu, firefox-locale-pt, firefox-locale-cy, firefox-locale-szl, firefox-locale-nb, firefox-locale-fa, firefox-locale-hr, firefox-locale-hu, firefox-locale-cak, firefox-locale-uk, firefox-locale-vi, firefox-locale-lg, firefox-locale-be, firefox-locale-kk, firefox-locale-ast, firefox-locale-sw, firefox-locale-it, firefox-locale-fr, firefox-locale-ga, firefox-locale-eo, firefox-locale-ro, firefox-locale-ca, firefox-locale-sq, firefox-locale-tr, firefox-locale-oc, firefox-locale-he, firefox-locale-fy, firefox-locale-et, firefox-locale-ka, firefox-locale-cs, firefox-locale-bn, firefox-locale-ja, firefox-locale-sk, firefox-locale-si, firefox-locale-zh-hant, firefox-locale-zu, firefox-locale-xh, firefox-locale-bs, firefox-locale-sr, firefox-locale-an, firefox-locale-te, firefox-locale-ru, firefox-locale-ur, firefox-dev, firefox-locale-af o USN-5047-1 : firefox-locale-km, firefox-locale-ia, firefox-locale-eu, firefox-locale-ku, firefox-locale-de, firefox-locale-gd, firefox-locale-fi, firefox-locale-da, firefox-mozsymbols, firefox-geckodriver, firefox-locale-nso, firefox-locale-ml, firefox-locale-ko, firefox-locale-nn, firefox-locale-th, firefox-locale-ne, firefox-locale-el, firefox-locale-mn, firefox-locale-gn, firefox-locale-uz, firefox-locale-hy, firefox-locale-az, firefox-locale-or, firefox-locale-gl, firefox-locale-en, firefox-locale-is, firefox-locale-ar, firefox-locale-csb, firefox-locale-pl, firefox-locale-ta, firefox-locale-nl, firefox-locale-mk, firefox-locale-my, firefox-locale-kn, firefox-locale-lv, firefox, firefox-locale-hi, firefox-locale-sl, firefox-locale-sv, firefox-locale-as, firefox-locale-hsb, firefox-locale-br, firefox-locale-pa, firefox-locale-lt, firefox-locale-es, firefox-locale-mr, firefox-locale-mai, firefox-locale-kab, firefox-locale-id, firefox-locale-zh-hans, firefox-locale-bg, firefox-locale-ms, firefox-locale-gu, firefox-locale-pt, firefox-locale-cy, firefox-locale-szl, firefox-locale-nb, firefox-locale-fa, firefox-locale-hr, firefox-locale-hu, firefox-locale-cak, firefox-locale-uk, firefox-locale-vi, firefox-locale-lg, firefox-locale-be, firefox-locale-kk, firefox-locale-ast, firefox-locale-sw, firefox-locale-it, firefox-locale-fr, firefox-locale-ga, firefox-locale-eo, firefox-locale-ro, firefox-locale-ca, firefox-locale-sq, firefox-locale-tr, firefox-locale-oc, firefox-locale-he, firefox-locale-fy, firefox-locale-et, firefox-locale-ka, firefox-locale-cs, firefox-locale-bn, firefox-locale-ja, firefox-locale-sk, firefox-locale-si, firefox-locale-zh-hant, firefox-locale-zu, firefox-locale-xh, firefox-locale-bs, firefox-locale-sr, firefox-locale-an, firefox-locale-te, firefox-locale-ru, firefox-locale-ur, firefox-dev, firefox-locale-af - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYe4E+ONLKJtyKPYoAQg3ug//f9szZU0EUdzTRITVkzU4U+cTaX53X/0y S8gEIQt8iLPmjav4sAeQT0cDS55LHURu4l6N8f96Ec93S/NpmErmMq51e31r2w3L DyYcHnmiLKHxJSS6P0JdBFfclcpIFVXr0k+6TdLtxwczXcF8NwvtzD3NtMzluhP5 2cZpvQ1hpa4Z60VREZl8Tj9iT17p7wY3cyOqBkqFT6FJyeCn7Oi30LNdZmzki9rr e9ZodPSfjlahaH/o5fGszcG2FXx3b3MnRpQ0UBWRKDbK7rkEaj1XaIgPillpxpzl W4kteT/bFEYRpsUV0FLHm9KrFTzv3UL9XJC4o/7F6DVkFsd5w5/g7jW8E/yJ2DfO GqZ9OU5sCpUq3koxjO8x2pDurXaD09fI7smCchSUE0R95YAmExPv729Q63yNSohU xd/+kQKkI4/icL8PmZWwOlo072qV+Tksj3nUHOkzPJPMCNH90DQ2aTRNgGCf1XU/ AkCt/Rrm23jeaazdZBNbAzCqvK9mEYwApheBfrMhJPelosiYtKrbhyK0DfT4gUk3 lqQuqzG5FF5DoamTB3P8/wH8D84TX2rULLr9XjWR0Vj1p3546zvC6sEYTadVQLrI ilRC+guFGI2+Bwzu0UByCVBhVcEH1CsDkX8w0AzebNXNgz2ohn7ngamb+xbLZieC nIKBCemKhgI= =kjRg -----END PGP SIGNATURE-----