[openSUSE-SU-2019:1664-1] Security update for MozillaThunderbird
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird was updated to 60.7.2 / MFSA 2019-20 (boo#1138872):
* CVE-2019-11707: Type confusion in Array.pop
* CVE-2019-11708: sandbox escape using Prompt:Open
Mozilla Thunderbird was updated to 60.7.1 / MFSA 2019-17 (boo#1137595):
* CVE-2019-11703: Heap buffer overflow in icalparser.c
* CVE-2019-11704: Heap buffer overflow in icalvalue.c
* CVE-2019-11705: Stack buffer overflow in icalrecur.c
* CVE-2019-11706: Type confusion in icalproperty.c
Also fixed: No prompt for smartcard PIN when S/MIME signing is used
Mozilla Thunderbird was updated to 60.7.0 / MFSA 2019-15 (boo#1135824):
Attachment pane of Write window no longer focussed when attaching
files using a keyboard shortcutCVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
CVE-2019-9816: Type confusion with object groups and UnboxedObjects
CVE-2019-9817: Stealing of cross-domain images using canvas
CVE-2019-9818 (Windows only): Use-after-free in crash generation server
CVE-2019-9819: Compartment mismatch with fetch API
CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
CVE-2019-11691: Use-after-free in XMLHttpRequest
CVE-2019-11692: Use-after-free removing listeners in the event listener manager
CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
CVE-2019-7317: Use-after-free in png_image_free of libpng library
CVE-2019-9797: Cross-origin theft of images with createImageBitmap
CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
CVE-2019-5798: Out-of-bounds read in Skia
CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
Disable building with LTO (boo#1133267).
- ID
- openSUSE-SU-2019:1664-1
- Severity
- important
- URL
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZFVBHHF6WMJDJB73NZDWFFGS6D23TB67/#ZFVBHHF6WMJDJB73NZDWFFGS6D23TB67
- Published
-
2019-06-28T08:42:30
(5 years ago) - Modified
-
2019-06-28T08:42:30
(5 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS2-2019-1229
- ALAS2-2019-1246
- ALAS2-2019-1250
- ALPINE:CVE-2018-18511
- ALPINE:CVE-2019-11691
- ALPINE:CVE-2019-11692
- ALPINE:CVE-2019-11693
- ALPINE:CVE-2019-11694
- ALPINE:CVE-2019-11698
- ALPINE:CVE-2019-11707
- ALPINE:CVE-2019-11708
- ALPINE:CVE-2019-5798
- ALPINE:CVE-2019-7317
- ALPINE:CVE-2019-9797
- ALPINE:CVE-2019-9800
- ALPINE:CVE-2019-9815
- ALPINE:CVE-2019-9816
- ALPINE:CVE-2019-9817
- ALPINE:CVE-2019-9818
- ALPINE:CVE-2019-9819
- ALPINE:CVE-2019-9820
- ASA-201902-16
- ASA-201903-11
- ASA-201903-8
- ASA-201904-10
- ASA-201905-8
- ASA-201905-9
- ASA-201906-10
- ASA-201906-18
- ASA-201906-19
- ASA-201906-20
- CISA-2022:0523
- DSA-4421-1
- DSA-4435-1
- DSA-4448-1
- DSA-4451-1
- DSA-4464-1
- DSA-4466-1
- DSA-4471-1
- DSA-4474-1
- ELSA-2019-1265
- ELSA-2019-1267
- ELSA-2019-1269
- ELSA-2019-1308
- ELSA-2019-1309
- ELSA-2019-1310
- ELSA-2019-1603
- ELSA-2019-1604
- ELSA-2019-1623
- ELSA-2019-1624
- ELSA-2019-1626
- ELSA-2019-1696
- FEDORA-2019-05a780936d
- FEDORA-2019-1ae01e6688
- FEDORA-2019-2cac67b3bc
- FEDORA-2019-335c3ad86a
- FEDORA-2019-53e4772bb8
- FEDORA-2019-561eae4626
- FEDORA-2019-9d9ad2999e
- FEDORA-2019-c2ff49ef73
- FREEBSD:05DA6B56-3E66-4306-9EA3-89FAFE939726
- FREEBSD:0CEA6E0A-7A39-4DAC-B3EC-DBC13D404F76
- FREEBSD:18211552-F650-4D86-BA4F-E6D5CBFCDBEB
- FREEBSD:39BC2294-FF32-4972-9ECB-B9F40B4CCB74
- FREEBSD:44B6DFBF-4EF7-4D52-AD52-2B1B05D81272
- FREEBSD:49BEB00F-A6E1-4A42-93DF-9CB14B4C2BEE
- FREEBSD:98F1241F-8C09-4237-AD0D-67FB4158EA7A
- GLSA-201903-23
- GLSA-201908-02
- GLSA-201908-12
- GLSA-201908-20
- MFSA-2019-04
- MFSA-2019-07
- MFSA-2019-13
- MFSA-2019-14
- MFSA-2019-15
- MFSA-2019-17
- MFSA-2019-18
- MFSA-2019-19
- MFSA-2019-20
- openSUSE-SU-2019:1062-1
- openSUSE-SU-2019:1530-1
- openSUSE-SU-2019:1534-1
- openSUSE-SU-2019:1583-1
- openSUSE-SU-2019:1593-1
- openSUSE-SU-2019:1595-1
- openSUSE-SU-2019:1606-1
- openSUSE-SU-2019:1666-1
- openSUSE-SU-2019:1912-1
- openSUSE-SU-2019:1916-1
- RHSA-2019:0708
- RHSA-2019:1265
- RHSA-2019:1267
- RHSA-2019:1269
- RHSA-2019:1308
- RHSA-2019:1309
- RHSA-2019:1310
- RHSA-2019:1603
- RHSA-2019:1604
- RHSA-2019:1623
- RHSA-2019:1624
- RHSA-2019:1626
- RHSA-2019:1696
- RHSA-2019:2494
- RHSA-2019:2495
- RHSA-2019:2585
- RHSA-2019:2590
- RHSA-2019:2592
- SSA:2019-107-01
- SSA:2019-141-01
- SSA:2019-164-01
- SSA:2019-169-02
- SSA:2019-172-01
- SSA:2019-172-02
- SUSE-SU-2019:1388-1
- SUSE-SU-2019:1398-1
- SUSE-SU-2019:1398-2
- SUSE-SU-2019:1405-1
- SUSE-SU-2019:1458-1
- SUSE-SU-2019:1495-1
- SUSE-SU-2019:1629-1
- SUSE-SU-2019:1682-1
- SUSE-SU-2019:1683-1
- SUSE-SU-2019:1684-1
- SUSE-SU-2019:2002-1
- SUSE-SU-2019:2021-1
- SUSE-SU-2019:2028-1
- SUSE-SU-2019:2036-1
- SUSE-SU-2019:2036-2
- SUSE-SU-2019:2291-1
- SUSE-SU-2019:2336-1
- SUSE-SU-2019:2371-1
- SUSE-SU-2019:3060-2
- USN-3896-1
- USN-3918-1
- USN-3918-2
- USN-3962-1
- USN-3991-1
- USN-3997-1
- USN-4020-1
- USN-4028-1
- USN-4032-1
- USN-4045-1
- USN-4080-1
- USN-4083-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird | < 60.7.2-85.1 | opensuse-12 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird-translations-other | < 60.7.2-85.1 | opensuse-12 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird-translations-common | < 60.7.2-85.1 | opensuse-12 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-buildsymbols?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird-buildsymbols | < 60.7.2-85.1 | opensuse-12 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |