Ubuntu Security Notice USN-3529-1
29th January, 2018
A security issue affects these releases of Ubuntu and its
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Several security issues were fixed in Thunderbird.
– Mozilla Open Source mail and newsgroup client
It was discovered that a From address encoded with a null character is
cut off in the message header display. An attacker could potentially
exploit this to spoof the sender address. (CVE-2017-7829)
in some circumstances. If a user were tricked in to opening a specially
crafted RSS feed, an attacker could potentially exploit this in
combination with another vulnerability, in order to cause unspecified
It was discovered that the RSS feed can leak local path names. If a user
were tricked in to opening a specially crafted RSS feed, an attacker
could potentially exploit this to obtain sensitive information.
It was discovered that RSS feeds are vulnerable to new line injection. If
a user were tricked in to opening a specially crafted RSS feed, an
attacker could potentially exploit this to cause unspecified problems.
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
execute arbitrary code, or cause other unspecified effects.
(CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097,
CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5013, CVE-2018-5104,
The problem can be corrected by updating your system to the following
- Ubuntu 17.10:
- Ubuntu 16.04 LTS:
- Ubuntu 14.04 LTS:
To update your system, please follow these instructions:
After a standard system update you need to restart Thunderbird to make
all the necessary changes.