Advisories ยป MGASA-2019-0129

Updated thunderbird packages fix security vulnerability

Publication date: 05 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-9788 , CVE-2019-9790 , CVE-2019-9791 , CVE-2019-9792 , CVE-2019-9793 , CVE-2019-9794 , CVE-2019-9795 , CVE-2019-9796 , CVE-2019-9801 , CVE-2019-9810 , CVE-2019-9813 , CVE-2018-18506


Use-after-free when removing in-use DOM elements. (CVE-2019-9790)

Type inference is incorrect for constructors entered through on-stack
replacement with IonMonkey. (CVE-2019-9791)

IonMonkey leaks JS_OPTIMIZED_OUT magic value to script. (CVE-2019-9792)

Improper bounds checks when Spectre mitigations are disabled.

Command line arguments not discarded during execution. (CVE-2019-9794)

Type-confusion in IonMonkey JIT compiler. (CVE-2019-9795)

Use-after-free with SMIL animation controller. (CVE-2019-9796)

Windows programs that are not 'URL Handlers' are exposed to web content.

Proxy Auto-Configuration file can define localhost access to be proxied.

Memory safety bugs fixed in Firefox 66, Firefox ESR 60.6, and Thunderbird
60.6. (CVE-2019-9788)

IonMonkey MArraySlice has incorrect alias information. (CVE-2019-9810)

Ionmonkey type confusion with __proto__ mutations. (CVE-2019-9813)