Advisories ยป MGASA-2018-0261

Updated thunderbird packages fix security vulnerabilities

Publication date: 30 May 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-5150 , CVE-2018-5154 , CVE-2018-5155 , CVE-2018-5159 , CVE-2018-5161 , CVE-2018-5162 , CVE-2018-5168 , CVE-2018-5170 , CVE-2018-5178 , CVE-2018-5183 , CVE-2018-5184 , CVE-2018-5185

Description

Updated thunderbird packages fix security vulnerabilities:

Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
(CVE-2018-5150).

Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154).

Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155).

Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159).

Mozilla: Hang via malformed headers (CVE-2018-5161).

Mozilla: Encrypted mail leaks plaintext through src attribute
(CVE-2018-5162).

Mozilla: Lightweight themes can be installed without user interaction
(CVE-2018-5168).

Mozilla: Filename spoofing for external attachments (CVE-2018-5170).

Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through
legacy extension (CVE-2018-5178).

Mozilla: Backport critical security fixes in Skia (CVE-2018-5183).

Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack
(CVE-2018-5184).

Mozilla: Leaking plaintext through HTML forms (CVE-2018-5185).
                

References

SRPMS

6/core