When a company releases a new version of some software, it usually includes bug fixes and security. Many of the second ones are for small vulnerabilities that are not too dangerous, but when Canonical publishes its own report, at least we get the feeling that something is wrong. That's what happened a few hours ago: Canonical has published two security reports talking about vulnerabilities fixed in Firefox and Thunderbird from Mozilla.
To be fair and reading the report USN-4122-2, Firefox 69.0.2 You have not added any security enhancements; what it has done has been to repair a regression introduced in previous versions. When they talk about "Regression," what they are telling us is that "we fixed one thing and broke another," and Firefox 69.0.2 fixed an issue that had been generated in previous versions that prevented us change the speed of YouTube videos.
Mozilla did fix a total of 7 vulnerabilities in Thunderbird yesterday
Where yes fixed security bugs yesterday was in Thunderbird, 7 to be exact. All vulnerabilities corrected and collected in the report USN-4150-1 They are marked as medium priority and affect all versions of Ubuntu that are officially supported, which are Ubuntu 19.04, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. Fixed bugs are as follows:
- CVE-2019-11739- Could allow filtering of plain text included in a replied / forwarded HTML.
- CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746 y CVE-2019-11752: Multiple security issues discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could exploit them to obtain sensitive information, perform cross-site scripting (XSS) attacks, avoid a denial of service, or execute arbitrary code.
Firefox security bugs were fixed in browser v69 and Thunderbird in the latest versions. Canonical says that most email manager vulnerabilities affect versions prior to Thunderbird 68.1, 60.9, while the browser vulnerabilities affect versions prior to Firefox 69, Firefox 60.9 ESR, and Firefox 68.1 ESR. Protecting ourselves from these failures is as simple as opening our software center (or the Software Update app) and installing the new packages. For the changes to take effect, it will be necessary to restart Firefox and Thunderbird, each restart will protect us in an app.