A side note: scripting is disabled in emails − any issues that require the ability to run scripts only apply to web browsing contexts in thunderbird.
This is not to downplay the severity of the CVE, just to give context on its potential to affect users. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to thunderbird in Ubuntu. https://bugs.launchpad.net/bugs/1903826 Title: Critical security vulnerability in latest available thunderbird on all supported LTS releases Status in thunderbird package in Ubuntu: Fix Released Bug description: ALL Thunderbird releases appear to be vulnerable up to Thunderbird 78.4.2, which was released on Monday 9th November. https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1903826/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
