Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 60.7.2.
Security Fix(es):
Mozilla: Type confusion in Array.pop (CVE-2019-11707)
thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705)
Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)
thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703)
thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704)
thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | ppc64 | thunderbird | < 60.7.2-2.el6_10 | thunderbird-60.7.2-2.el6_10.ppc64.rpm |
RedHat | 6 | i686 | thunderbird | < 60.7.2-2.el6_10 | thunderbird-60.7.2-2.el6_10.i686.rpm |
RedHat | 6 | i686 | thunderbird-debuginfo | < 60.7.2-2.el6_10 | thunderbird-debuginfo-60.7.2-2.el6_10.i686.rpm |
RedHat | 6 | x86_64 | thunderbird | < 60.7.2-2.el6_10 | thunderbird-60.7.2-2.el6_10.x86_64.rpm |
RedHat | 6 | s390x | thunderbird-debuginfo | < 60.7.2-2.el6_10 | thunderbird-debuginfo-60.7.2-2.el6_10.s390x.rpm |
RedHat | 6 | x86_64 | thunderbird-debuginfo | < 60.7.2-2.el6_10 | thunderbird-debuginfo-60.7.2-2.el6_10.x86_64.rpm |
RedHat | 6 | ppc64 | thunderbird-debuginfo | < 60.7.2-2.el6_10 | thunderbird-debuginfo-60.7.2-2.el6_10.ppc64.rpm |
RedHat | 6 | s390x | thunderbird | < 60.7.2-2.el6_10 | thunderbird-60.7.2-2.el6_10.s390x.rpm |