Advisories ยป MGASA-2019-0316

Updated thunderbird packages fix security vulnerabilities

Publication date: 07 Nov 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-11757 , CVE-2019-11758 , CVE-2019-11759 , CVE-2019-11760 , CVE-2019-11761 , CVE-2019-11762 , CVE-2019-11763 , CVE-2019-11764 , CVE-2019-15903


The updated packages fix security issues:

Use-after-free when creating index updates in IndexedDB.

Potentially exploitable crash due to 360 Total Security.

Stack buffer overflow in HKDF output. (CVE-2019-11759)

Stack buffer overflow in WebRTC networking. (CVE-2019-11760)

Unintended access to a privileged JSONView object. (CVE-2019-11761)

document.domain-based origin isolation has same-origin-property
violation. (CVE-2019-11762)

Incorrect HTML parsing results in XSS bypass technique. (CVE-2019-11763)

Memory safety bugs fixed in Thunderbird 68.2. (CVE-2019-11764)

Heap overflow in expat library in XML_GetCurrentLineNumber.

Enigmail has been updated to 2.1.3.