[RHSA-2019:1626] thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 60.7.2.
Security Fix(es):
Mozilla: Type confusion in Array.pop (CVE-2019-11707)
thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705)
Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)
thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703)
thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704)
thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Package | Affected Version |
---|---|
pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-7.6 | < 60.7.2-2.el7_6 |
pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-7.6 | < 60.7.2-2.el7_6 |
pkg:rpm/redhat/thunderbird?arch=aarch64&distro=redhat-7.6 | < 60.7.2-2.el7_6 |
- ID
- RHSA-2019:1626
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2019:1626
- Published
-
2019-06-27T00:00:00
(5 years ago) - Modified
-
2019-06-27T00:00:00
(5 years ago) - Rights
- Copyright 2019 Red Hat, Inc.
- Other Advisories
-
- ALAS2-2019-1250
- ALPINE:CVE-2019-11707
- ALPINE:CVE-2019-11708
- ASA-201906-10
- ASA-201906-18
- ASA-201906-19
- ASA-201906-20
- CISA-2022:0523
- DSA-4464-1
- DSA-4466-1
- DSA-4471-1
- DSA-4474-1
- ELSA-2019-1603
- ELSA-2019-1604
- ELSA-2019-1623
- ELSA-2019-1624
- ELSA-2019-1626
- ELSA-2019-1696
- FEDORA-2019-1ae01e6688
- FEDORA-2019-2cac67b3bc
- FEDORA-2019-53e4772bb8
- FEDORA-2019-9d9ad2999e
- FEDORA-2019-c2ff49ef73
- FREEBSD:0CEA6E0A-7A39-4DAC-B3EC-DBC13D404F76
- FREEBSD:39BC2294-FF32-4972-9ECB-B9F40B4CCB74
- FREEBSD:49BEB00F-A6E1-4A42-93DF-9CB14B4C2BEE
- FREEBSD:98F1241F-8C09-4237-AD0D-67FB4158EA7A
- GLSA-201908-12
- GLSA-201908-20
- MFSA-2019-17
- MFSA-2019-18
- MFSA-2019-19
- MFSA-2019-20
- openSUSE-SU-2019:1583-1
- openSUSE-SU-2019:1593-1
- openSUSE-SU-2019:1595-1
- openSUSE-SU-2019:1606-1
- openSUSE-SU-2019:1664-1
- RHSA-2019:1603
- RHSA-2019:1604
- RHSA-2019:1623
- RHSA-2019:1624
- RHSA-2019:1696
- SSA:2019-164-01
- SSA:2019-169-02
- SSA:2019-172-01
- SSA:2019-172-02
- SUSE-SU-2019:1495-1
- SUSE-SU-2019:1629-1
- SUSE-SU-2019:1682-1
- SUSE-SU-2019:1683-1
- SUSE-SU-2019:1684-1
- USN-4020-1
- USN-4028-1
- USN-4032-1
- USN-4045-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1720001 | https://bugzilla.redhat.com/1720001 | |
Bugzilla | 1720006 | https://bugzilla.redhat.com/1720006 | |
Bugzilla | 1720008 | https://bugzilla.redhat.com/1720008 | |
Bugzilla | 1720011 | https://bugzilla.redhat.com/1720011 | |
Bugzilla | 1721789 | https://bugzilla.redhat.com/1721789 | |
Bugzilla | 1722673 | https://bugzilla.redhat.com/1722673 | |
RHSA | RHSA-2019:1626 | https://access.redhat.com/errata/RHSA-2019:1626 | |
CVE | CVE-2019-11703 | https://access.redhat.com/security/cve/CVE-2019-11703 | |
CVE | CVE-2019-11704 | https://access.redhat.com/security/cve/CVE-2019-11704 | |
CVE | CVE-2019-11705 | https://access.redhat.com/security/cve/CVE-2019-11705 | |
CVE | CVE-2019-11706 | https://access.redhat.com/security/cve/CVE-2019-11706 | |
CVE | CVE-2019-11707 | https://access.redhat.com/security/cve/CVE-2019-11707 | |
CVE | CVE-2019-11708 | https://access.redhat.com/security/cve/CVE-2019-11708 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-7.6 | redhat | thunderbird | < 60.7.2-2.el7_6 | redhat-7.6 | x86_64 | |
Affected | pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-7.6 | redhat | thunderbird | < 60.7.2-2.el7_6 | redhat-7.6 | ppc64le | |
Affected | pkg:rpm/redhat/thunderbird?arch=aarch64&distro=redhat-7.6 | redhat | thunderbird | < 60.7.2-2.el7_6 | redhat-7.6 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |