Updated thunderbird packages fix security vulnerability

2018-02-0609:25:44

Gentoo Foundation

advisories.mageia.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.6%

JSON

Integer overflow in Skia library during edge builder allocation. (CVE-2018-5095) Use-after-free while editing form elements. (CVE-2018-5096) Use-after-free when source document is manipulated during XSLT. (CVE-2018-5097) Use-after-free while manipulating form input elements. (CVE-2018-5098) Use-after-free with widget listener. (CVE-2018-5099) Use-after-free in HTML media elements. (CVE-2018-5102) Use-after-free during mouse event handling. (CVE-2018-5103) Use-after-free during font face manipulation. (CVE-2018-5104) URL spoofing with right-to-left text aligned left-to-right. (CVE-2018-5117) Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird 52.6. (CVE-2018-5089)

OSVersionArchitecturePackageVersionFilename
Mageia5noarchthunderbird< 52.6.0-1thunderbird-52.6.0-1.mga5
Mageia5noarchthunderbird-l10n< 52.6.0-1thunderbird-l10n-52.6.0-1.mga5
Mageia6noarchthunderbird< 52.6.0-1thunderbird-52.6.0-1.mga6
Mageia6noarchthunderbird-l10n< 52.6.0-1thunderbird-l10n-52.6.0-1.mga6

OS	Version	Architecture	Package	Version	Filename
Mageia	5	noarch	thunderbird	< 52.6.0-1	thunderbird-52.6.0-1.mga5
Mageia	5	noarch	thunderbird-l10n	< 52.6.0-1	thunderbird-l10n-52.6.0-1.mga5
Mageia	6	noarch	thunderbird	< 52.6.0-1	thunderbird-52.6.0-1.mga6
Mageia	6	noarch	thunderbird-l10n	< 52.6.0-1	thunderbird-l10n-52.6.0-1.mga6