Advisories » MGASA-2019-0201

Updated thunderbird packages fix security vulnerabilities

Publication date: 02 Jul 2019
Modification date: 02 Jul 2019
Type: security
Affected Mageia releases : 6 , 7
CVE: CVE-2019-11707 , CVE-2019-11708

Description

Updated thunderbird packages fix security vulnerabilities:

Type confusion in Array.pop. (CVE-2019-11707)

Sandbox escape using Prompt:Open. (CVE-2019-11708)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24995
• https://www.thunderbird.net/en-US/thunderbird/60.7.2/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11707
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11708

SRPMS

6/core

• thunderbird-60.7.2-1.mga6
• thunderbird-l10n-60.7.2-1.mga6

7/core

• thunderbird-60.7.2-1.mga7
• thunderbird-l10n-60.7.2-1.mga7