A side note: scripting is disabled in emails − any issues that require
the ability to run scripts only apply to web browsing contexts in
thunderbird.
This is not to downplay the severity of the CVE, just to give context on
its potential to affect users.
--
You received this bug notification beca
This CVE doesn't appear to be fixed in the 68 series, but I'm not sure
whether it is exploitable there either (the upstream bug report is,
logically, private).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-26950
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1903826
Title:
Critical security vulnerability in latest available thunderbird
The issue should be fixed in
https://launchpad.net/ubuntu/+source/thunderbird/1:78.4.2+build1-0ubuntu1
Security updates needs to be applied to stable series still though
** Changed in: thunderbird (Ubuntu)
Importance: Undecided => High
** Changed in: thunderbird (Ubuntu)
Status: New =>
