TR-20-221 (Mozilla Thunderbird için Güvenlik Güncellemesi Yayınladı)

Genel Bilgi

Mozilla, Thunderbird ürününde bulunan denial of service, ACE, XSS, command injection ve Bilgi İfşası zafiyetlerini gidermeye yönelik güvenlik güncellemesi yayınladı.

Etki

Mevcut güvenlik zafiyetleri nedeniyle etkilenen sistemlerin siber saldırganlar tarafından ele geçirilmesi ihtimal dahilindedir. İgili CVE kodları şu şekildedir: CVE-2020-6792, CVE-2020-6793, CVE-2020-6795, CVE-2020-6822, CVE-2020-6794, CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6825, CVE-2020-6811 ve CVE-2020-6815 CVE-2020-6800

Çözüm

Ulusal Siber Olaylara Müdahale Merkezi (USOM), kullanıcı ve sistem yöneticilerine; Mozilla tarafından yayınlanan Thunderbird 19.10, 18.04, 68.7.0, 0.19.10, 0.18.04, 74.0.1, 75.0 ve 2.0 güvenlik önerilerini incelemelerini ve gerekli işlemleri yapmalarını tavsiye etmektedir.

Kaynaklar

https://linuxsecurity.com/advisories/archlinux/archlinux-202004-12-thunderbird-multiple-issues-19-46-23?rss

https://linuxsecurity.com/advisories/ubuntu/ubuntu-4328-1-thunderbird-vulnerabilities-17-30-43?rss

https://linuxsecurity.com/advisories/debian/debian-dsa-4656-1-thunderbird-security-update-15-42-57?rss

https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/

https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1181957%2C1557732%2C1557739%2C1611457%2C1612431

https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819

https://bugzilla.mozilla.org/show_bug.cgi?id=1620818

https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6820

https://bugzilla.mozilla.org/show_bug.cgi?id=1626728

https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821

https://bugzilla.mozilla.org/show_bug.cgi?id=1625404

https://security.archlinux.org/CVE-2020-6815

https://security.archlinux.org/CVE-2020-6819

https://security.archlinux.org/CVE-2020-6820

https://security.archlinux.org/CVE-2020-6821

https://security-tracker.debian.org/tracker/source-package/thunderbirdhttps://linuxsecurity.com/advisories/ubuntu/ubuntu-4328-1-thunderbird-vulnerabilities-17-30-43?rss

2020-04-14