Gentoo FoundationMGASA-2019-0275Updated thunderbird packages fix security vulnerabilities
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.009 Low
EPSS
Percentile
82.7%
Updated thunderbird packages fix security vulnerabilities: Covert Content Attack on S/MIME encryption using a crafted multipart/ alternative message (CVE-2019-11739). Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 (CVE-2019-11740) Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) Cross-origin access to unload event attributes (CVE-2019-11743) XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744) Use-after-free while manipulating video (CVE-2019-11746) Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 6 | noarch | thunderbird | < 60.9.0-1 | thunderbird-60.9.0-1.mga6 |
| Mageia | 6 | noarch | thunderbird-l10n | < 60.9.0-1 | thunderbird-l10n-60.9.0-1.mga6 |
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.009 Low
EPSS
Percentile
82.7%