Updated thunderbird packages fix security vulnerabilities
Publication date: 15 Sep 2019Modification date: 15 Sep 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-11739 , CVE-2019-11740 , CVE-2019-11742 , CVE-2019-11743 , CVE-2019-11744 , CVE-2019-11752
Description
Updated thunderbird packages fix security vulnerabilities:
Covert Content Attack on S/MIME encryption using a crafted multipart/
alternative message (CVE-2019-11739).
Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox
ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 (CVE-2019-11740)
Same-origin policy violation with SVG filters and canvas to steal
cross-origin images (CVE-2019-11742)
Cross-origin access to unload event attributes (CVE-2019-11743)
XSS by breaking out of title and textarea elements using innerHTML
(CVE-2019-11744)
Use-after-free while manipulating video (CVE-2019-11746)
Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)
References
- https://bugs.mageia.org/show_bug.cgi?id=25415
- https://www.thunderbird.net/en-US/thunderbird/60.9.0/releasenotes/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752
SRPMS
6/core
- thunderbird-60.9.0-1.mga6
- thunderbird-l10n-60.9.0-1.mga6