Ubuntu: (Multiple Advisories) (CVE-2016-2805): Thunderbird vulnerabilities

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: Apr 30, 2016
Added: May 19, 2016
Modified: Apr 14, 2025

Description

Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple
memory safety issues in Thunderbird. If a user were tricked into opening
a specially crafted message, an attacker could potentially exploit these
to cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-2805, CVE-2016-2807)

Hanno Böck discovered that calculations with mp_div and mp_exptmod in NSS
produce incorrect results in some circumstances, resulting in
cryptographic weaknesses. (CVE-2016-1938)

A use-after-free was discovered in ssl3_HandleECDHServerKeyExchange in
NSS. A remote attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-1978)

A use-after-free was discovered in PK11_ImportDERPrivateKeyInfoAndReturnKey
in NSS. A remote attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2016-1979)

Solution

ubuntu-upgrade-thunderbird