Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Mageia: 2019-0190 Moderate: Thunderbird Cross-Origin Image Theft Fix

mageia
Calendar Grey June 10, 2019
Dist Mageia Esm H88
The latest Thunderbird updates rectify multiple security flaws within Mageia 6, enhancing the protection of the application.
Updated thunderbird packages fixes bugs and security vulnerabilities: Cross-origin theft of images with ImageBitmapRenderingContext

Summary

Updated thunderbird packages fixes bugs and security vulnerabilities:
Cross-origin theft of images with ImageBitmapRenderingContext. (CVE-2018-18511)
Out-of-bounds read in Skia. (CVE-2019-5798)
Use-after-free in png_image_free of libpng library. (CVE-2019-7317)
Cross-origin theft of images with createImageBitmap. (CVE-2019-9797)
Memory safety bugs fixed in Thunderbird 60.7. (CVE-2019-9800)
Type confusion with object groups and UnboxedObjects. (CVE-2019-9816)
Stealing of cross-domain images using canvas. (CVE-2019-9817)
Use-after-free in crash generation server. (CVE-2019-9818)
Compartment mismatch with fetch API. (CVE-2019-9819)
Use-after-free of ChromeEventHandler by DocShell. (CVE-2019-9820)
Use-after-free in XMLHttpRequest. (CVE-2019-11691)
Use-after-free removing listeners in the event listener manager. (CVE-2019-11692)
Buffer overflow in WebGL bufferdata on Linux. (CVE-2019-11693)
Theft of user history data through drag and drop of hyperlinks to and from bookmarks. (CVE-2019-11...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=24837

- https://www.thunderbird.net/en-US/thunderbird/60.7.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/

- https://enigmail.net/index.php/en/download/changelog#enig2.0.11

- https://www.cve.org/CVERecord?id=CVE-2018-18511

- https://www.cve.org/CVERecord?id=CVE-2019-5798

- https://www.cve.org/CVERecord?id=CVE-2019-7317

- https://www.cve.org/CVERecord?id=CVE-2019-9797

- https://www.cve.org/CVERecord?id=CVE-2019-9800

- https://www.cve.org/CVERecord?id=CVE-2019-9816

- https://www.cve.org/CVERecord?id=CVE-2019-9817

- https://www.cve.org/CVERecord?id=CVE-2019-9818

- https://www.cve.org/CVERecord?id=CVE-2019-9819

- https://www.cve.org/CVERecord?id=CVE-2019-9820

- https://www.cve.org/CVERecord?id=CVE-2019-11691

- https://www.cve.org/CVERecord?id=CVE-2019-11692

- https://www.cve.org/CVERecord?id=CVE-2019-11693

- https://www.cve.org/CVERecord?id=CVE-2019-11698

Topics%20covered

Topics Covered

security advisory malware thunderbird memory safety cross-origin mageia image theft

Resolution

SRPMS

- 6/core/thunderbird-60.7.0-1.mga6

- 6/core/thunderbird-l10n-60.7.0-1.mga6

Publication date: 10 Jun 2019
URL: https://advisories.mageia.org/MGASA-2019-0190.html
Type: security
CVE: CVE-2018-18511, CVE-2019-5798, CVE-2019-7317, CVE-2019-9797, CVE-2019-9800, CVE-2019-9816, CVE-2019-9817, CVE-2019-9818, CVE-2019-9819, CVE-2019-9820, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11698

Topics%20covered

Topics Covered

security advisory malware thunderbird memory safety cross-origin mageia image theft

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here