ArchLinux: 201904-4: thunderbird: arbitrary code execution
Summary
- CVE-2019-9810 (arbitrary code execution)
Incorrect alias information in the IonMonkey JIT compiler of Firefox
before 66.0.1 and Thunderbird before 60.6.1 for the
Array.prototype.slice method may lead to a missing bounds check and a
buffer overflow.
- CVE-2019-9813 (arbitrary code execution)
Incorrect handling of __proto__ mutations may lead to type confusion
in the IonMonkey JIT code of Firefox before 66.0.1 and Thunderbird
before 60.6.1, and can be leveraged for arbitrary memory read and
write.
Resolution
Upgrade to 60.6.1-1.
# pacman -Syu "thunderbird>=60.6.1-1"
The problems have been fixed upstream in version 60.6.1.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810
https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9810
https://bugzilla.mozilla.org/show_bug.cgi?id=1537924
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813
https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9813
https://bugzilla.mozilla.org/show_bug.cgi?id=1538006
https://security.archlinux.org/CVE-2019-9810
https://security.archlinux.org/CVE-2019-9813
Workaround
None.