Updated thunderbird packages fixes bugs and security vulnerabilities: Cross-origin theft of images with ImageBitmapRenderingContext. (CVE-2018-18511) Out-of-bounds read in Skia. (CVE-2019-5798) Use-after-free in png_image_free of libpng library. (CVE-2019-7317) Cross-origin theft of images with createImageBitmap. (CVE-2019-9797) Memory safety bugs fixed in Thunderbird 60.7. (CVE-2019-9800) Type confusion with object groups and UnboxedObjects. (CVE-2019-9816) Stealing of cross-domain images using canvas. (CVE-2019-9817) Use-after-free in crash generation server. (CVE-2019-9818) Compartment mismatch with fetch API. (CVE-2019-9819) Use-after-free of ChromeEventHandler by DocShell. (CVE-2019-9820) Use-after-free in XMLHttpRequest. (CVE-2019-11691) Use-after-free removing listeners in the event listener manager. (CVE-2019-11692) Buffer overflow in WebGL bufferdata on Linux. (CVE-2019-11693) Theft of user history data through drag and drop of hyperlinks to and from bookmarks. (CVE-2019-11698) Inline-PGP messages that allows an attacker to have Enigmail display a correctly signed or encrypted message info, but display a different unauthenticated text.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | thunderbird | < 60.7.0-1 | thunderbird-60.7.0-1.mga6 |
Mageia | 6 | noarch | thunderbird-l10n | < 60.7.0-1 | thunderbird-l10n-60.7.0-1.mga6 |