Lucene search

K
mageiaGentoo FoundationMGASA-2020-0142
HistoryMar 14, 2020 - 11:35 a.m.

Updated thunderbird packages fix security vulnerabilities

2020-03-1411:35:35
Gentoo Foundation
advisories.mageia.org
38

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.526

Percentile

97.6%

The updated packages fix a security vulnerabilities: Out of bounds reads in sctp_load_addresses_from_init. (CVE-2019-20503) Use-after-free when removing data about origins. (CVE-2020-6805) BodyStream::OnInputStreamReady was missing protections against state confusion. (CVE-2020-6806) Use-after-free in cubeb during stream destruction. (CVE-2020-6807) Devtools’ ‘Copy as cURL’ feature did not fully escape website-controlled data, potentially leading to command injection. (CVE-2020-6811) The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission. (CVE-2020-6812) Memory safety bugs fixed in Thunderbird 68.6. (CVE-2020-6814)

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.526

Percentile

97.6%