
Mageia: 2019-0272 Moderate: Thunderbird Memory Safety Fixes

September 12, 2019
This advisory covers a Thunderbird update that addresses security issues, particularly memory safety and script injection flaws.

Summary

This update upgrades Thunderbird to 68.0 and Enigmail to 2.1.2, and fixes the following security issues:

- Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 68. (CVE-2019-11709)
- Memory safety bugs fixed in Firefox 68 and Thunderbird 68. (CVE-2019-11710)
- Script injection within domain through inner window reuse. (CVE-2019-11711)
- Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. (CVE-2019-11712)
- Use-after-free with HTTP/2 cached stream. (CVE-2019-11713)
- NeckoChild can trigger crash when accessed off of main thread. (CVE-2019-11714)
- HTML parsing error can contribute to content XSS. (CVE-2019-11715)
- globalThis not enumerable until accessed. (CVE-2019-11716)
- Caret character improperly escaped in origins. (CVE-2019-11717)
- Out-of-bounds read when importing curve25519 private key. (CVE-2019-11719)
- Character encoding XSS vulnerability. (CVE-2019-11720)
- Domain spoofing through Unicode Latin 'kra' character. (CVE-2019-11721)
...


References

- https://bugs.mageia.org/show_bug.cgi?id=25396

- https://www.thunderbird.net/en-US/thunderbird/68.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2019-28/

- https://enigmail.net/index.php/en/download/changelog#enig2.1.2

- https://support.mozilla.org/en-US/kb/calendar-updates-issues-thunderbird

- https://www.cve.org/CVERecord?id=CVE-2019-11709

- https://www.cve.org/CVERecord?id=CVE-2019-11710

- https://www.cve.org/CVERecord?id=CVE-2019-11711

- https://www.cve.org/CVERecord?id=CVE-2019-11712

- https://www.cve.org/CVERecord?id=CVE-2019-11713

- https://www.cve.org/CVERecord?id=CVE-2019-11714

- https://www.cve.org/CVERecord?id=CVE-2019-11715

- https://www.cve.org/CVERecord?id=CVE-2019-11716

- https://www.cve.org/CVERecord?id=CVE-2019-11717

- https://www.cve.org/CVERecord?id=CVE-2019-11719

- https://www.cve.org/CVERecord?id=CVE-2019-11720

- https://www.cve.org/CVERecord?id=CVE-2019-11721

- https://www.cve.org/CVERecord?id=CVE-2019-11723

- https://www.cve.org/CVERecord?id=CVE-2019-11724

- https://www.cve.org/CVERecord?id=CVE-2019-11725

- https://www.cve.org/CVERecord?id=CVE-2019-11727

- https://www.cve.org/CVERecord?id=CVE-2019-11728

- https://www.cve.org/CVERecord?id=CVE-2019-11729

- https://www.cve.org/CVERecord?id=CVE-2019-11730

Resolution

SRPMS

- 7/core/thunderbird-68.0-1.3.mga7

- 7/core/thunderbird-l10n-68.0-1.mga7

Publication date: 12 Sep 2019
URL: https://advisories.mageia.org/MGASA-2019-0272.html
Type: security
CVE: CVE-2019-11709, CVE-2019-11710, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11714, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717, CVE-2019-11719, CVE-2019-11720, CVE-2019-11721, CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727, CVE-2019-11728, CVE-2019-11729, CVE-2019-11730
