OPENSUSE-SU-2019:2248-1 Security update for MozillaThunderbird

This update for MozillaThunderbird to version 68.1.1 fixes the following issues: - CVE-2019-11709: Fixed several memory safety bugs. bsc1140868 - CVE-2019-11710: Fixed several memory safety bugs. bsc1140868 - CVE-2019-11711: Fixed a script injection within domain through inner window reuse...

Amazon Linux 2 : thunderbird (ALAS-2019-1304)

Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation cou...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:2249-1 Rating: important References: 1140868 1141322 1149296 1149297 1149298 1149299 1149303 1149304 1150939 1152375 Cross-References: CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:2248-1 Rating: important References: 1140868 1141322 1149296 1149297 1149298 1149299 1149303 1149304 1150939 1152375 Cross-References: CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712...

The vulnerability of the fly-hexedit component in the FLY operating environment of the Astra Linux system allows a perpetrator to compromise data integrity.

The vulnerability of the fly-hexedit component in the FLY environment of the Astra Linux operating system is related to file corruption when saving files with the same name. Exploiting this vulnerability can allow an attacker to compromise data integrity...

Adobe Flash Player Information Disclosure Vulnerability (CNVD-2019-39594)

Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A security vulnerability exists in Adobe Flash Player. An attacker could exploit this vulnerability to bypass the...

Important: thunderbird

Issue Overview: Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin poli...

CVE-2019-11733

When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password ...

DEBIAN-CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

Cross site scripting

Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history throu...

Design/Logic Flaw

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

CVE-2019-11742

CVE-2019-11742 describes a same-origin policy violation enabling theft of cross-origin images via a combination of SVG filters and a element, due to an error in how cached image content is treated. Affected: Firefox versions before 69, Thunderbird before 68.1 (and before 60.9 for ESR branches), ...

CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

CVE-2019-8075

Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user...

CVE-2019-8075

Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user...

Code injection

Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user...

CVE-2019-8075

Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user...