(RHSA-2019:1623) Important: thunderbird security update

2019-06-27T12:50:51
ID RHSA-2019:1623
Type redhat
Reporter RedHat
Modified 2019-06-27T12:55:19

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.7.2.

Security Fix(es):

  • Mozilla: Type confusion in Array.pop (CVE-2019-11707)

  • thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705)

  • Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)

  • thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703)

  • thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704)

  • thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.