Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Mageia 7: 2019-0285 Moderate: Thunderbird Covert Content Issue

mageia
Calendar Grey September 21, 2019
Dist Mageia Esm H88
Recently revised Mageia Thunderbird packages tackle vulnerabilities related to S/MIME and address memory safety flaws.
The updated thunderbird packages fix security issues: Covert Content Attack on S/MIME encryption using a crafted multipart/ alternative message

Summary

The updated thunderbird packages fix security issues:
Covert Content Attack on S/MIME encryption using a crafted multipart/ alternative message. (CVE-2019-11739)
Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9. (CVE-2019-11740)
Same-origin policy violation with SVG filters and canvas to steal cross-origin images. (CVE-2019-11742)
Cross-origin access to unload event attributes. (CVE-2019-11743)
XSS by breaking out of title and textarea elements using innerHTML. (CVE-2019-11744)
Use-after-free while manipulating video. (CVE-2019-11746)
Use-after-free while extracting a key value in IndexedDB. (CVE-2019-11752)

References

- https://bugs.mageia.org/show_bug.cgi?id=25435

- https://www.thunderbird.net/en-US/thunderbird/68.1.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2019-30/

- https://www.cve.org/CVERecord?id=CVE-2019-11739

- https://www.cve.org/CVERecord?id=CVE-2019-11740

- https://www.cve.org/CVERecord?id=CVE-2019-11742

- https://www.cve.org/CVERecord?id=CVE-2019-11743

- https://www.cve.org/CVERecord?id=CVE-2019-11744

- https://www.cve.org/CVERecord?id=CVE-2019-11746

- https://www.cve.org/CVERecord?id=CVE-2019-11752

Topics%20covered

Topics Covered

security advisory thunderbird memory safety S/MIME Mageia covert attack content attack

Resolution

SRPMS

- 7/core/thunderbird-68.1.0-1.1.mga7

- 7/core/thunderbird-l10n-68.1.0-1.mga7

Publication date: 21 Sep 2019
URL: https://advisories.mageia.org/MGASA-2019-0285.html
Type: security
CVE: CVE-2019-11739, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752

Topics%20covered

Topics Covered

security advisory thunderbird memory safety S/MIME Mageia covert attack content attack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here