(RHSA-2019:1799) Important: thunderbird security and bug fix update

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.8.0.

Security Fix(es):

• Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709)

• Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811)

• Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711)

• Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712)

• Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713)

• Mozilla: HTML parsing error can contribute to content XSS (CVE-2019-11715)

• Mozilla: Caret character improperly escaped in origins (CVE-2019-11717)

• Mozilla: Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• Thunderbird fails to authenticate with gmail with ssl/tls and OAuth2 (BZ#1725919)