[RHSA-2019:2774] thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 60.9.0.
Security Fix(es):
Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739)
Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740)
Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742)
Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744)
Mozilla: Use-after-free while manipulating video (CVE-2019-11746)
Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)
Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Package | Affected Version |
|---|---|
 pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-8.0
|
< 60.9.0-2.el8_0 |
|
pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-8.0
|
< 60.9.0-2.el8_0 |
- ID
- RHSA-2019:2774
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2019:2774
- Published
-
2019-09-16T00:00:00
(5 years ago) - Modified
-
2019-09-16T00:00:00
(5 years ago) - Rights
- Copyright 2019 Red Hat, Inc.
- Other Advisories
-
-
ALAS2-2019-1304
-
ALPINE:CVE-2019-11740
-
ALPINE:CVE-2019-11742
-
ALPINE:CVE-2019-11743
-
ALPINE:CVE-2019-11744
-
ALPINE:CVE-2019-11746
-
ALPINE:CVE-2019-11752
-
ASA-201909-2
-
DSA-4516-1
-
DSA-4523-1
-
ELSA-2019-2663
-
ELSA-2019-2694
-
ELSA-2019-2729
-
ELSA-2019-2773
-
ELSA-2019-2774
-
ELSA-2019-2807
-
FREEBSD:05463E0A-ABD3-4FA4-BD5F-CD5ED132D4C6
-
GLSA-201911-07
-
MFSA-2019-25
-
MFSA-2019-26
-
MFSA-2019-27
-
MFSA-2019-29
-
MFSA-2019-30
-
openSUSE-SU-2019:2248-1
-
openSUSE-SU-2019:2249-1
-
openSUSE-SU-2019:2251-1
-
openSUSE-SU-2019:2260-1
-
RHSA-2019:2663
-
RHSA-2019:2694
-
RHSA-2019:2729
-
RHSA-2019:2773
-
RHSA-2019:2807
-
SUSE-SU-2019:2436-1
-
SUSE-SU-2019:2515-1
-
SUSE-SU-2019:2545-1
-
SUSE-SU-2019:2620-1
-
USN-4122-1
-
USN-4150-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 1748652 |
|
|
| Bugzilla | 1748653 |
|
|
| Bugzilla | 1748654 |
|
|
| Bugzilla | 1748655 |
|
|
| Bugzilla | 1748656 |
|
|
| Bugzilla | 1748657 |
|
|
| Bugzilla | 1752307 |
|
|
| RHSA | RHSA-2019:2774 |
|
|
| CVE | CVE-2019-11739 |
|
|
| CVE | CVE-2019-11740 |
|
|
| CVE | CVE-2019-11742 |
|
|
| CVE | CVE-2019-11743 |
|
|
| CVE | CVE-2019-11744 |
|
|
| CVE | CVE-2019-11746 |
|
|
| CVE | CVE-2019-11752 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-8.0 | redhat |
thunderbird
|
< 60.9.0-2.el8_0 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-8.0 | redhat |
thunderbird
|
< 60.9.0-2.el8_0 | redhat-8.0 | ppc64le |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |