Mozilla Thunderbird: Remote code execution

Mozilla Thunderbird: Remote code execution Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. thunderbird 2021-01-22 2021-01-22 765088 remote 78.6.1 78.6.1 78.6.1 78.6.1

Mozilla Thunderbird is a popular open-source email client from the Mozilla project.

A use-after-free bug was discovered in Mozilla Thunderbird handling of SCTP.

A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

There is no known workaround at this time.

All Mozilla Thunderbird users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-78.6.1"

All Mozilla Thunderbird binary users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=mail-client/thunderbird-bin-78.6.1"

CVE-2020-16044 MFSA-2021-02 sam_c sam_c