Critical: thunderbird

2018-08-21T17:15:00
ID ALAS2-2018-1061
Type amazon
Reporter Amazon
Modified 2018-08-21T17:15:00

Description

Issue Overview:

Use-after-free when appending DOM nodes (CVE-2018-12363)

Use-after-free using focus() (CVE-2018-12360)

Compromised IPC child process can list local filenames (CVE-2018-12365)

Buffer overflow using computed size of canvas element (CVE-2018-12359)

Using form to exfiltrate encrypted mail part by pressing enter in form field (CVE-2018-12374)

S/MIME plaintext can be leaked through HTML reply/forward (CVE-2018-12373)

Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188)

S/MIME and PGP decryption oracles can be built with HTML emails (CVE-2018-12372)

Integer overflow in SSSE3 scaler (CVE-2018-12362)

CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364)

Invalid data handling during QCMS transformations (CVE-2018-12366)

Affected Packages:

thunderbird

Issue Correction:
Run yum update thunderbird to update your system.

New Packages:

i686:  
    thunderbird-52.9.1-1.amzn2.i686  
    thunderbird-debuginfo-52.9.1-1.amzn2.i686

src:  
    thunderbird-52.9.1-1.amzn2.src

x86_64:  
    thunderbird-52.9.1-1.amzn2.x86_64  
    thunderbird-debuginfo-52.9.1-1.amzn2.x86_64