CentOS Errata and Security Advisory CESA-2020:2050
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 68.8.0.
Mozilla: Use-after-free during worker shutdown (CVE-2020-12387)
Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395)
usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831)
Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392)
Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2020-May/035714.html
Affected packages: thunderbird
Upstream details at: