-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.0313
                  USN-5246-1: Thunderbird vulnerabilities
                              24 January 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Thunderbird
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Unauthorised Access             -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-22751 CVE-2022-22748 CVE-2022-22747
                   CVE-2022-22745 CVE-2022-22743 CVE-2022-22742
                   CVE-2022-22741 CVE-2022-22740 CVE-2022-22739
                   CVE-2022-22738 CVE-2022-22737 CVE-2021-44538
                   CVE-2021-43656 CVE-2021-43546 CVE-2021-43545
                   CVE-2021-43543 CVE-2021-43542 CVE-2021-43541
                   CVE-2021-43539 CVE-2021-43538 CVE-2021-43537
                   CVE-2021-43536 CVE-2021-43535 CVE-2021-43534
                   CVE-2021-43528 CVE-2021-38509 CVE-2021-38508
                   CVE-2021-38507 CVE-2021-38506 CVE-2021-38504
                   CVE-2021-38503 CVE-2021-38502 CVE-2021-38501
                   CVE-2021-38500 CVE-2021-38498 CVE-2021-38497
                   CVE-2021-38496 CVE-2021-38495 CVE-2021-29991
                   CVE-2021-29987 CVE-2021-29982 CVE-2021-29981
                   CVE-2021-4140 CVE-2021-4129 CVE-2021-4126

Reference:         ESB-2022.0202
                   ESB-2022.0173
                   ESB-2022.0152
                   ESB-2022.0115

Original Bulletin: 
   https://ubuntu.com/security/notices/USN-5246-1
   https://ubuntu.com/security/notices/USN-5248-1

Comment: This bulletin contains two (2) Ubuntu security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-5246-1: Thunderbird vulnerabilities
21 January 2022

Several security issues were fixed in Thunderbird.

Releases

  o Ubuntu 21.10

Packages

  o thunderbird - Mozilla Open Source mail and newsgroup client

Details

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, conduct spoofing attacks, bypass security
restrictions, or execute arbitrary code. (CVE-2021-4129, CVE-2021-4140,
CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539,
CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545,
CVE-2021-43656, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739,
CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743,
CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751)

It was discovered that JavaScript was unexpectedly enabled in the
composition area. An attacker could potentially exploit this in
combination with another vulnerability, with unspecified impacts.
(CVE-2021-43528)

A buffer overflow was discovered in the Matrix chat library bundled with
Thunderbird. An attacker could potentially exploit this to cause a denial
of service, or execute arbitrary code. (CVE-2021-44538)

It was discovered that Thunderbird's OpenPGP integration only considered
the inner signed message when checking signature validity in a message
that contains an additional outer MIME layer. An attacker could
potentially exploit this to trick the user into thinking that a message
has a valid signature. (CVE-2021-4126)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 21.10

  o thunderbird - 1:91.5.0+build1-0ubuntu0.21.10.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

  o CVE-2021-4140
  o CVE-2021-43541
  o CVE-2022-22742
  o CVE-2022-22741
  o CVE-2021-44538
  o CVE-2022-22738
  o CVE-2021-43542
  o CVE-2022-22751
  o CVE-2022-22743
  o CVE-2021-43545
  o CVE-2022-22740
  o CVE-2022-22747
  o CVE-2022-22739
  o CVE-2021-43546
  o CVE-2021-43543
  o CVE-2022-22745
  o CVE-2022-22737
  o CVE-2021-4126
  o CVE-2021-43539
  o CVE-2021-43537
  o CVE-2021-43536
  o CVE-2021-43528
  o CVE-2021-4129
  o CVE-2022-22748
  o CVE-2021-43538

Related notices

  o USN-5248-1 : thunderbird-locale-fi, thunderbird-locale-gd,
    thunderbird-locale-cy, thunderbird-locale-pa, thunderbird-locale-af,
    thunderbird-locale-ar, thunderbird, thunderbird-locale-si,
    thunderbird-locale-hy, thunderbird-locale-mk, thunderbird-locale-rm,
    thunderbird-locale-ga, thunderbird-locale-bg, thunderbird-locale-et,
    thunderbird-locale-sq, thunderbird-locale-uz, thunderbird-locale-be,
    thunderbird-locale-ro, thunderbird-locale-hr, thunderbird-locale-fa,
    thunderbird-locale-ta-lk, thunderbird-locale-nl, thunderbird-locale-da,
    thunderbird-locale-bn-bd, thunderbird-locale-es-es, thunderbird-locale-th,
    thunderbird-locale-el, thunderbird-locale-is, thunderbird-locale-sl,
    thunderbird-locale-sv-se, thunderbird-locale-ta, thunderbird-locale-pt-pt,
    thunderbird-locale-vi, thunderbird-locale-en-gb, thunderbird-locale-pa-in,
    thunderbird-locale-en-us, thunderbird-locale-nn-no, thunderbird-locale-he,
    thunderbird-locale-ms, thunderbird-locale-id, thunderbird-locale-lt,
    thunderbird-locale-ko, thunderbird-locale-ru, thunderbird-locale-bn,
    thunderbird-locale-zh-cn, thunderbird-gnome-support, thunderbird-locale-sv,
    thunderbird-locale-hu, thunderbird-locale-pt, thunderbird-locale-nb-no,
    thunderbird-locale-fr, thunderbird-locale-fy, thunderbird-locale-ca,
    thunderbird-mozsymbols, thunderbird-locale-br, thunderbird-locale-pl,
    thunderbird-locale-ast, thunderbird-locale-eu, thunderbird-locale-en,
    thunderbird-locale-ja, thunderbird-locale-kab, thunderbird-locale-dsb,
    thunderbird-locale-it, xul-ext-calendar-timezones, thunderbird-locale-cs,
    thunderbird-locale-es, thunderbird-locale-ka, xul-ext-lightning,
    thunderbird-locale-zh-hans, thunderbird-locale-nn,
    thunderbird-locale-zh-hant, thunderbird-locale-cak,
    thunderbird-locale-zh-tw, thunderbird-locale-hsb, thunderbird-locale-lv,
    thunderbird-locale-tr, thunderbird-dev, thunderbird-locale-pt-br,
    thunderbird-locale-de, thunderbird-locale-uk, thunderbird-locale-es-ar,
    thunderbird-locale-gl, thunderbird-locale-kk, thunderbird-locale-sr,
    thunderbird-locale-ga-ie, xul-ext-gdata-provider, thunderbird-locale-nb,
    thunderbird-locale-fy-nl, thunderbird-locale-sk
  o USN-5186-1 : firefox-locale-kab, firefox-locale-id, firefox-locale-fy,
    firefox-locale-bg, firefox-locale-lg, firefox-locale-mr, firefox-locale-mk,
    firefox-locale-xh, firefox-locale-eu, firefox-locale-uz, firefox-locale-af,
    firefox-locale-es, firefox-locale-te, firefox-locale-ur, firefox-locale-pl,
    firefox-locale-km, firefox-locale-gd, firefox-locale-ga, firefox-locale-ms,
    firefox-locale-ko, firefox-locale-ja, firefox-locale-fr, firefox-locale-ka,
    firefox-locale-eo, firefox-locale-hy, firefox-locale-ml, firefox-locale-ne,
    firefox-locale-ta, firefox-locale-da, firefox-locale-bs, firefox-locale-vi,
    firefox-locale-nb, firefox-dev, firefox-locale-ca, firefox-locale-nso,
    firefox-locale-bn, firefox-locale-br, firefox-locale-mai,
    firefox-locale-en, firefox-locale-nn, firefox-locale-hr, firefox-locale-kk,
    firefox-locale-tr, firefox-locale-ro, firefox-locale-az, firefox-locale-kn,
    firefox-locale-lt, firefox-locale-sq, firefox-locale-cs, firefox-locale-mn,
    firefox-locale-ia, firefox-locale-nl, firefox-locale-sv, firefox-locale-pt,
    firefox-locale-pa, firefox-geckodriver, firefox-locale-fa,
    firefox-locale-gl, firefox-locale-oc, firefox-locale-hi, firefox-locale-or,
    firefox-locale-my, firefox-locale-sr, firefox-locale-ar, firefox,
    firefox-locale-gu, firefox-locale-ru, firefox-locale-th, firefox-locale-sw,
    firefox-locale-it, firefox-locale-as, firefox-locale-csb,
    firefox-locale-szl, firefox-mozsymbols, firefox-locale-ast,
    firefox-locale-gn, firefox-locale-is, firefox-locale-zh-hant,
    firefox-locale-si, firefox-locale-cy, firefox-locale-hsb,
    firefox-locale-el, firefox-locale-de, firefox-locale-lv, firefox-locale-be,
    firefox-locale-et, firefox-locale-zh-hans, firefox-locale-zu,
    firefox-locale-he, firefox-locale-fi, firefox-locale-hu, firefox-locale-uk,
    firefox-locale-ku, firefox-locale-cak, firefox-locale-sl,
    firefox-locale-sk, firefox-locale-an
  o USN-5229-1


- ------------------------------------------------------------------------------


USN-5248-1: Thunderbird vulnerabilities
21 January 2022

Several security issues were fixed in Thunderbird.

Releases

  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS

Packages

  o thunderbird - Mozilla Open Source mail and newsgroup client

Details

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, trick a user into accepting unwanted
permissions, conduct header splitting attacks, conduct spoofing attacks,
bypass security restrictions, confuse the user, or execute arbitrary code.
(CVE-2021-4129, CVE-2021-4140, CVE-2021-29981, CVE-2021-29982,
CVE-2021-29987, CVE-2021-29991, CVE-2021-38495, CVE-2021-38496,
CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501,
CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507,
CVE-2021-38508, CVE-2021-38509, CVE-2021-43534, CVE-2021-43535,
CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539,
CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545,
CVE-2021-43656, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739,
CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743,
CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751)

It was discovered that Thunderbird ignored the configuration to require
STARTTLS for an SMTP connection. A person-in-the-middle could potentially
exploit this to perform a downgrade attack in order to intercept messages
or take control of a session. (CVE-2021-38502)

It was discovered that JavaScript was unexpectedly enabled in the
composition area. An attacker could potentially exploit this in
combination with another vulnerability, with unspecified impacts.
(CVE-2021-43528)

A buffer overflow was discovered in the Matrix chat library bundled with
Thunderbird. An attacker could potentially exploit this to cause a denial
of service, or execute arbitrary code. (CVE-2021-44538)

It was discovered that Thunderbird's OpenPGP integration only considered
the inner signed message when checking signature validity in a message
that contains an additional outer MIME layer. An attacker could
potentially exploit this to trick the user into thinking that a message
has a valid signature. (CVE-2021-4126)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.04

  o thunderbird - 1:91.5.0+build1-0ubuntu0.20.04.1

Ubuntu 18.04

  o thunderbird - 1:91.5.0+build1-0ubuntu0.18.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.
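
To confirm that a host is at or past the fixed versions listed in the update
instructions of both advisories, the installed version string (for example
from `dpkg-query -W thunderbird`) can be compared using Debian version
ordering. This is an added example, not part of the Ubuntu or AusCERT text:
the function names and the sample host inventory are constructed, and the
comparison re-implements the dpkg ordering rules rather than calling dpkg.

```python
import re
from itertools import zip_longest

# Fixed package versions, copied from the update instructions of
# USN-5246-1 (21.10) and USN-5248-1 (20.04, 18.04).
FIXED = {
    "21.10": "1:91.5.0+build1-0ubuntu0.21.10.1",
    "20.04": "1:91.5.0+build1-0ubuntu0.20.04.1",
    "18.04": "1:91.5.0+build1-0ubuntu0.18.04.1",
}


def parse(version):
    """Split a Debian version into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:                      # no epoch given: it defaults to 0
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:                      # no revision: whole string is upstream
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def _order(ch):
    """Sort weight of one non-digit character ('' means end of string)."""
    if ch == "~":
        return -1                    # tilde sorts before everything, even the end
    if ch == "":
        return 0
    if ch.isalpha():
        return ord(ch)               # letters sort before other symbols
    return ord(ch) + 256


def _cmp_part(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    while a or b:
        # 1. Compare the leading non-digit runs character by character.
        na = re.match(r"[^0-9]*", a).group()
        nb = re.match(r"[^0-9]*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for ca, cb in zip_longest(na, nb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        # 2. Compare the following digit runs numerically (empty run == 0).
        da = re.match(r"[0-9]*", a).group()
        db = re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        ia, ib = int(da or 0), int(db or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0


def compare(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to, or newer than v2."""
    e1, u1, r1 = parse(v1)
    e2, u2, r2 = parse(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)


def assess(release, installed):
    """Classify one host against the fixed version for its Ubuntu release."""
    fixed = FIXED.get(release)
    if fixed is None:
        return "release not covered"
    return "fixed" if compare(installed, fixed) >= 0 else "needs update"


if __name__ == "__main__":
    # Constructed inventory: (host, Ubuntu release, installed thunderbird version).
    inventory = [
        ("ws-01", "20.04", "1:91.4.1+build1-0ubuntu0.20.04.1"),
        ("ws-02", "21.10", "1:91.5.0+build1-0ubuntu0.21.10.1"),
        ("ws-03", "18.04", "1:91.6.0+build1-0ubuntu0.18.04.1"),
        ("ws-04", "22.04", "1:91.5.0+build1-0ubuntu0.22.04.1"),
    ]
    for host, release, installed in inventory:
        print(f"{host}  {release}  {installed}  {assess(release, installed)}")
```

A host reported as fixed still needs Thunderbird restarted before the new
code is actually running, as the advisory notes.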

References

  o CVE-2022-22742
  o CVE-2021-43543
  o CVE-2021-43546
  o CVE-2021-4126
  o CVE-2021-38500
  o CVE-2021-4140
  o CVE-2022-22747
  o CVE-2021-38506
  o CVE-2021-43528
  o CVE-2021-38496
  o CVE-2021-43534
  o CVE-2021-43536
  o CVE-2022-22745
  o CVE-2022-22741
  o CVE-2021-29991
  o CVE-2021-38509
  o CVE-2021-38498
  o CVE-2021-29982
  o CVE-2021-43545
  o CVE-2021-38495
  o CVE-2021-38497
  o CVE-2022-22737
  o CVE-2021-38504
  o CVE-2021-43541
  o CVE-2022-22738
  o CVE-2021-44538
  o CVE-2022-22740
  o CVE-2021-4129
  o CVE-2021-38502
  o CVE-2022-22751
  o CVE-2021-43537
  o CVE-2022-22748
  o CVE-2021-43542
  o CVE-2022-22743
  o CVE-2021-38507
  o CVE-2021-29981
  o CVE-2021-43538
  o CVE-2021-43535
  o CVE-2022-22739
  o CVE-2021-38501
  o CVE-2021-29987
  o CVE-2021-38508
  o CVE-2021-38503
  o CVE-2021-43539

Related notices

  o USN-5037-1 : firefox-locale-km, firefox-locale-ia, firefox-locale-eu,
    firefox-locale-ku, firefox-locale-de, firefox-locale-gd, firefox-locale-fi,
    firefox-locale-da, firefox-mozsymbols, firefox-geckodriver,
    firefox-locale-nso, firefox-locale-ml, firefox-locale-ko,
    firefox-locale-nn, firefox-locale-th, firefox-locale-ne, firefox-locale-el,
    firefox-locale-mn, firefox-locale-gn, firefox-locale-uz, firefox-locale-hy,
    firefox-locale-az, firefox-locale-or, firefox-locale-gl, firefox-locale-en,
    firefox-locale-is, firefox-locale-ar, firefox-locale-csb,
    firefox-locale-pl, firefox-locale-ta, firefox-locale-nl, firefox-locale-mk,
    firefox-locale-my, firefox-locale-kn, firefox-locale-lv, firefox,
    firefox-locale-hi, firefox-locale-sl, firefox-locale-sv, firefox-locale-as,
    firefox-locale-hsb, firefox-locale-br, firefox-locale-pa,
    firefox-locale-lt, firefox-locale-es, firefox-locale-mr,
    firefox-locale-mai, firefox-locale-kab, firefox-locale-id,
    firefox-locale-zh-hans, firefox-locale-bg, firefox-locale-ms,
    firefox-locale-gu, firefox-locale-pt, firefox-locale-cy,
    firefox-locale-szl, firefox-locale-nb, firefox-locale-fa,
    firefox-locale-hr, firefox-locale-hu, firefox-locale-cak,
    firefox-locale-uk, firefox-locale-vi, firefox-locale-lg, firefox-locale-be,
    firefox-locale-kk, firefox-locale-ast, firefox-locale-sw,
    firefox-locale-it, firefox-locale-fr, firefox-locale-ga, firefox-locale-eo,
    firefox-locale-ro, firefox-locale-ca, firefox-locale-sq, firefox-locale-tr,
    firefox-locale-oc, firefox-locale-he, firefox-locale-fy, firefox-locale-et,
    firefox-locale-ka, firefox-locale-cs, firefox-locale-bn, firefox-locale-ja,
    firefox-locale-sk, firefox-locale-si, firefox-locale-zh-hant,
    firefox-locale-zu, firefox-locale-xh, firefox-locale-bs, firefox-locale-sr,
    firefox-locale-an, firefox-locale-te, firefox-locale-ru, firefox-locale-ur,
    firefox-dev, firefox-locale-af
  o USN-5186-1
  o USN-5131-1
  o USN-5229-1
  o USN-5132-1 : thunderbird-locale-vi, thunderbird-locale-zh-tw,
    thunderbird-locale-et, thunderbird-locale-eu, thunderbird-locale-bn-bd,
    thunderbird-locale-ru, thunderbird-locale-fy-nl, thunderbird-locale-hr,
    thunderbird-locale-lt, thunderbird-locale-sv, thunderbird-dev,
    thunderbird-locale-zh-hant, thunderbird-locale-af, thunderbird-locale-kk,
    thunderbird-locale-ar, thunderbird, thunderbird-locale-da,
    thunderbird-locale-rm, thunderbird-locale-ms, thunderbird-locale-uk,
    thunderbird-locale-en-us, xul-ext-calendar-timezones,
    thunderbird-locale-sq, xul-ext-gdata-provider, thunderbird-gnome-support,
    xul-ext-lightning, thunderbird-locale-nn-no, thunderbird-locale-pt-br,
    thunderbird-locale-he, thunderbird-locale-id, thunderbird-locale-sr,
    thunderbird-locale-zh-hans, thunderbird-locale-be, thunderbird-locale-gd,
    thunderbird-locale-hy, thunderbird-locale-de, thunderbird-locale-bg,
    thunderbird-locale-fi, thunderbird-locale-nb, thunderbird-locale-ga-ie,
    thunderbird-locale-el, thunderbird-locale-sk, thunderbird-locale-si,
    thunderbird-locale-nn, thunderbird-mozsymbols, thunderbird-locale-bn,
    thunderbird-locale-th, thunderbird-locale-is, thunderbird-locale-cs,
    thunderbird-locale-pa, thunderbird-locale-ta, thunderbird-locale-pl,
    thunderbird-locale-es-ar, thunderbird-locale-ko, thunderbird-locale-pa-in,
    thunderbird-locale-ga, thunderbird-locale-nl, thunderbird-locale-pt,
    thunderbird-locale-pt-pt, thunderbird-locale-ja, thunderbird-locale-kab,
    thunderbird-locale-en, thunderbird-locale-mk, thunderbird-locale-fy,
    thunderbird-locale-es-es, thunderbird-locale-gl, thunderbird-locale-zh-cn,
    thunderbird-locale-cak, thunderbird-locale-ta-lk, thunderbird-locale-nb-no,
    thunderbird-locale-it, thunderbird-locale-hu, thunderbird-locale-cy,
    thunderbird-locale-fa, thunderbird-locale-ca, thunderbird-locale-dsb,
    thunderbird-locale-uz, thunderbird-locale-en-gb, thunderbird-locale-hsb,
    thunderbird-locale-ast, thunderbird-locale-lv, thunderbird-locale-ro,
    thunderbird-locale-br, thunderbird-locale-es, thunderbird-locale-tr,
    thunderbird-locale-fr, thunderbird-locale-sl, thunderbird-locale-sv-se,
    thunderbird-locale-ka
  o USN-5246-1
  o USN-5152-1
  o USN-5107-1
  o USN-5047-1

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----