thunderbird security update

2020-05-21T14:18:20
ID CESA-2020:2050
Type centos
Reporter CentOS Project
Modified 2020-05-21T14:18:20

Description

CentOS Errata and Security Advisory CESA-2020:2050

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.8.0.

Security Fix(es):

  • Mozilla: Use-after-free during worker shutdown (CVE-2020-12387)

  • Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395)

  • usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831)

  • Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392)

  • Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2020-May/035714.html

Affected packages: thunderbird

Upstream details at: