CentOS Errata and Security Advisory CESA-2020:1488
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 68.7.0.
Security Fix(es):
Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)
Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)
Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)
Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)
Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2020-April/085822.html
Affected packages:
thunderbird
Upstream details at:
https://access.redhat.com/errata/RHSA-2020:1488
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | thunderbird | < 68.7.0-1.el6.centos | thunderbird-68.7.0-1.el6.centos.i686.rpm |
CentOS | 6 | x86_64 | thunderbird | < 68.7.0-1.el6.centos | thunderbird-68.7.0-1.el6.centos.x86_64.rpm |