[RHSA-2019:0681] thunderbird security update

Severity Important

Affected Packages 3

CVEs 13

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.6.1.

Security Fix(es):

Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788)
Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790)
Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791)
Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792)
Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810)
Mozilla: Ionmonkey type confusion with proto mutations (CVE-2019-9813)
Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793)
Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795)
Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796)
Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-7.6	< 60.6.1-1.el7_6
pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-7.6	< 60.6.1-1.el7_6
pkg:rpm/redhat/thunderbird?arch=aarch64&distro=redhat-7.6	< 60.6.1-1.el7_6

ID

RHSA-2019:0681

Severity

important

URL

https://access.redhat.com/errata/RHSA-2019:0681

Published

2019-03-28T00:00:00
(5 years ago)

Modified

2019-03-28T00:00:00
(5 years ago)

Rights

Other Advisories

Source	# ID	URL
Bugzilla	1656570	https://bugzilla.redhat.com/1656570
Bugzilla	1676991	https://bugzilla.redhat.com/1676991
Bugzilla	1677613	https://bugzilla.redhat.com/1677613
Bugzilla	1690673	https://bugzilla.redhat.com/1690673
Bugzilla	1690674	https://bugzilla.redhat.com/1690674
Bugzilla	1690675	https://bugzilla.redhat.com/1690675
Bugzilla	1690676	https://bugzilla.redhat.com/1690676
Bugzilla	1690677	https://bugzilla.redhat.com/1690677
Bugzilla	1690678	https://bugzilla.redhat.com/1690678
Bugzilla	1690680	https://bugzilla.redhat.com/1690680
Bugzilla	1690681	https://bugzilla.redhat.com/1690681
Bugzilla	1692181	https://bugzilla.redhat.com/1692181
Bugzilla	1692182	https://bugzilla.redhat.com/1692182
RHSA	RHSA-2019:0681	https://access.redhat.com/errata/RHSA-2019:0681
CVE	CVE-2018-18356	https://access.redhat.com/security/cve/CVE-2018-18356
CVE	CVE-2018-18506	https://access.redhat.com/security/cve/CVE-2018-18506
CVE	CVE-2018-18509	https://access.redhat.com/security/cve/CVE-2018-18509
CVE	CVE-2019-5785	https://access.redhat.com/security/cve/CVE-2019-5785
CVE	CVE-2019-9788	https://access.redhat.com/security/cve/CVE-2019-9788
CVE	CVE-2019-9790	https://access.redhat.com/security/cve/CVE-2019-9790
CVE	CVE-2019-9791	https://access.redhat.com/security/cve/CVE-2019-9791
CVE	CVE-2019-9792	https://access.redhat.com/security/cve/CVE-2019-9792
CVE	CVE-2019-9793	https://access.redhat.com/security/cve/CVE-2019-9793
CVE	CVE-2019-9795	https://access.redhat.com/security/cve/CVE-2019-9795
CVE	CVE-2019-9796	https://access.redhat.com/security/cve/CVE-2019-9796
CVE	CVE-2019-9810	https://access.redhat.com/security/cve/CVE-2019-9810
CVE	CVE-2019-9813	https://access.redhat.com/security/cve/CVE-2019-9813

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-7.6	redhat	thunderbird	< 60.6.1-1.el7_6	redhat-7.6	x86_64
Affected	pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-7.6	redhat	thunderbird	< 60.6.1-1.el7_6	redhat-7.6	ppc64le
Affected	pkg:rpm/redhat/thunderbird?arch=aarch64&distro=redhat-7.6	redhat	thunderbird	< 60.6.1-1.el7_6	redhat-7.6	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date