[RHSA-2019:2774] thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 60.9.0.
Security Fix(es):
Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739)
Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740)
Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742)
Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744)
Mozilla: Use-after-free while manipulating video (CVE-2019-11746)
Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)
Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Package | Affected Version |
---|---|
pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-8.0 | < 60.9.0-2.el8_0 |
pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-8.0 | < 60.9.0-2.el8_0 |
- ID
- RHSA-2019:2774
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2019:2774
- Published
-
2019-09-16T00:00:00
(5 years ago) - Modified
-
2019-09-16T00:00:00
(5 years ago) - Rights
- Copyright 2019 Red Hat, Inc.
- Other Advisories
-
- ALAS2-2019-1304
- ALPINE:CVE-2019-11740
- ALPINE:CVE-2019-11742
- ALPINE:CVE-2019-11743
- ALPINE:CVE-2019-11744
- ALPINE:CVE-2019-11746
- ALPINE:CVE-2019-11752
- ASA-201909-2
- DSA-4516-1
- DSA-4523-1
- ELSA-2019-2663
- ELSA-2019-2694
- ELSA-2019-2729
- ELSA-2019-2773
- ELSA-2019-2774
- ELSA-2019-2807
- FREEBSD:05463E0A-ABD3-4FA4-BD5F-CD5ED132D4C6
- GLSA-201911-07
- MFSA-2019-25
- MFSA-2019-26
- MFSA-2019-27
- MFSA-2019-29
- MFSA-2019-30
- openSUSE-SU-2019:2248-1
- openSUSE-SU-2019:2249-1
- openSUSE-SU-2019:2251-1
- openSUSE-SU-2019:2260-1
- RHSA-2019:2663
- RHSA-2019:2694
- RHSA-2019:2729
- RHSA-2019:2773
- RHSA-2019:2807
- SUSE-SU-2019:2436-1
- SUSE-SU-2019:2515-1
- SUSE-SU-2019:2545-1
- SUSE-SU-2019:2620-1
- USN-4122-1
- USN-4150-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1748652 | https://bugzilla.redhat.com/1748652 | |
Bugzilla | 1748653 | https://bugzilla.redhat.com/1748653 | |
Bugzilla | 1748654 | https://bugzilla.redhat.com/1748654 | |
Bugzilla | 1748655 | https://bugzilla.redhat.com/1748655 | |
Bugzilla | 1748656 | https://bugzilla.redhat.com/1748656 | |
Bugzilla | 1748657 | https://bugzilla.redhat.com/1748657 | |
Bugzilla | 1752307 | https://bugzilla.redhat.com/1752307 | |
RHSA | RHSA-2019:2774 | https://access.redhat.com/errata/RHSA-2019:2774 | |
CVE | CVE-2019-11739 | https://access.redhat.com/security/cve/CVE-2019-11739 | |
CVE | CVE-2019-11740 | https://access.redhat.com/security/cve/CVE-2019-11740 | |
CVE | CVE-2019-11742 | https://access.redhat.com/security/cve/CVE-2019-11742 | |
CVE | CVE-2019-11743 | https://access.redhat.com/security/cve/CVE-2019-11743 | |
CVE | CVE-2019-11744 | https://access.redhat.com/security/cve/CVE-2019-11744 | |
CVE | CVE-2019-11746 | https://access.redhat.com/security/cve/CVE-2019-11746 | |
CVE | CVE-2019-11752 | https://access.redhat.com/security/cve/CVE-2019-11752 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-8.0 | redhat | thunderbird | < 60.9.0-2.el8_0 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-8.0 | redhat | thunderbird | < 60.9.0-2.el8_0 | redhat-8.0 | ppc64le |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |