(RHSA-2019:1799) Important: thunderbird security and bug fix update

2019-07-17T00:17:23
ID RHSA-2019:1799
Type redhat
Reporter RedHat
Modified 2019-07-17T00:22:16

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.8.0.

Security Fix(es):

  • Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709)

  • Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811)

  • Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711)

  • Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712)

  • Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713)

  • Mozilla: HTML parsing error can contribute to content XSS (CVE-2019-11715)

  • Mozilla: Caret character improperly escaped in origins (CVE-2019-11717)

  • Mozilla: Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Thunderbird fails to authenticate with gmail with ssl/tls and OAuth2 (BZ#1725919)