[RHSA-2019:1626] thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 60.7.2.
Security Fix(es):
Mozilla: Type confusion in Array.pop (CVE-2019-11707)
thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705)
Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)
thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703)
thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704)
thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Package | Affected Version |
|---|---|
 pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-7.6
|
< 60.7.2-2.el7_6 |
|
pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-7.6
|
< 60.7.2-2.el7_6 |
|
pkg:rpm/redhat/thunderbird?arch=aarch64&distro=redhat-7.6
|
< 60.7.2-2.el7_6 |
- ID
- RHSA-2019:1626
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2019:1626
- Published
-
2019-06-27T00:00:00
(5 years ago) - Modified
-
2019-06-27T00:00:00
(5 years ago) - Rights
- Copyright 2019 Red Hat, Inc.
- Other Advisories
-
-
ALAS2-2019-1250
-
ALPINE:CVE-2019-11707
-
ALPINE:CVE-2019-11708
-
ASA-201906-10
-
ASA-201906-18
-
ASA-201906-19
-
ASA-201906-20
-
CISA-2022:0523
-
DSA-4464-1
-
DSA-4466-1
-
DSA-4471-1
-
DSA-4474-1
-
ELSA-2019-1603
-
ELSA-2019-1604
-
ELSA-2019-1623
-
ELSA-2019-1624
-
ELSA-2019-1626
-
ELSA-2019-1696
-
FEDORA-2019-1ae01e6688
-
FEDORA-2019-2cac67b3bc
-
FEDORA-2019-53e4772bb8
-
FEDORA-2019-9d9ad2999e
-
FEDORA-2019-c2ff49ef73
-
FREEBSD:0CEA6E0A-7A39-4DAC-B3EC-DBC13D404F76
-
FREEBSD:39BC2294-FF32-4972-9ECB-B9F40B4CCB74
-
FREEBSD:49BEB00F-A6E1-4A42-93DF-9CB14B4C2BEE
-
FREEBSD:98F1241F-8C09-4237-AD0D-67FB4158EA7A
-
GLSA-201908-12
-
GLSA-201908-20
-
MFSA-2019-17
-
MFSA-2019-18
-
MFSA-2019-19
-
MFSA-2019-20
-
openSUSE-SU-2019:1583-1
-
openSUSE-SU-2019:1593-1
-
openSUSE-SU-2019:1595-1
-
openSUSE-SU-2019:1606-1
-
openSUSE-SU-2019:1664-1
-
RHSA-2019:1603
-
RHSA-2019:1604
-
RHSA-2019:1623
-
RHSA-2019:1624
-
RHSA-2019:1696
-
SSA:2019-164-01
-
SSA:2019-169-02
-
SSA:2019-172-01
-
SSA:2019-172-02
-
SUSE-SU-2019:1495-1
-
SUSE-SU-2019:1629-1
-
SUSE-SU-2019:1682-1
-
SUSE-SU-2019:1683-1
-
SUSE-SU-2019:1684-1
-
USN-4020-1
-
USN-4028-1
-
USN-4032-1
-
USN-4045-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 1720001 |
|
|
| Bugzilla | 1720006 |
|
|
| Bugzilla | 1720008 |
|
|
| Bugzilla | 1720011 |
|
|
| Bugzilla | 1721789 |
|
|
| Bugzilla | 1722673 |
|
|
| RHSA | RHSA-2019:1626 |
|
|
| CVE | CVE-2019-11703 |
|
|
| CVE | CVE-2019-11704 |
|
|
| CVE | CVE-2019-11705 |
|
|
| CVE | CVE-2019-11706 |
|
|
| CVE | CVE-2019-11707 |
|
|
| CVE | CVE-2019-11708 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-7.6 | redhat |
thunderbird
|
< 60.7.2-2.el7_6 | redhat-7.6 | x86_64 | |
| Affected | pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-7.6 | redhat |
thunderbird
|
< 60.7.2-2.el7_6 | redhat-7.6 | ppc64le | |
| Affected | pkg:rpm/redhat/thunderbird?arch=aarch64&distro=redhat-7.6 | redhat |
thunderbird
|
< 60.7.2-2.el7_6 | redhat-7.6 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |