
Mageia 7: 2020-0300 Moderate: Thunderbird Email Security Patch

July 31, 2020
Updated Thunderbird packages address critical vulnerabilities, improving the protection of email data and user security.

Summary

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection (CVE-2020-12398).
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash due to a use-after-free (CVE-2020-12405).
Mozilla developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash due to type confusion with NativeTypes. We presume that with enough effort that it could be exploited to run arbitrary code (CVE-2020-12406).
Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2020-12410).
Manipulating individual parts of a URL object coul...
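
The STARTTLS/PREAUTH issue in the summary (CVE-2020-12398) comes down to how a client treats the IMAP server greeting. The following Python is an added example, not Thunderbird's code; `parse_greeting`, `next_step`, `InsecureSession` and the sample greetings in the comments are constructed for illustration. It relies on RFC 3501, where STARTTLS is only valid before authentication, so a PREAUTH greeting on a cleartext socket leaves no way to upgrade and a client that requires STARTTLS has to abort.

```python
import re

# Greeting forms from RFC 3501 section 7.1, with an optional [response code].
_GREETING = re.compile(
    r"^\* (OK|PREAUTH|BYE)\b(?: \[(?P<code>[^\]]*)\])?", re.IGNORECASE
)


class InsecureSession(Exception):
    """Raised when the required TLS upgrade cannot happen (hypothetical name)."""


def parse_greeting(line: bytes):
    """Return (status, capabilities) for the first line the server sends."""
    text = line.decode("ascii", "replace").rstrip("\r\n")
    match = _GREETING.match(text)
    if match is None:
        raise ValueError("not an IMAP greeting: %r" % text)
    status = match.group(1).upper()
    code = match.group("code") or ""
    caps = set()
    if code.upper().startswith("CAPABILITY"):
        caps = {c.upper() for c in code.split()[1:]}
    return status, caps


def next_step(greeting: bytes, require_starttls: bool, tls_active: bool = False) -> str:
    """Decide what the client does next: 'starttls', 'proceed' or 'close'.

    Constructed sample greetings:
      b"* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready\\r\\n"
      b"* PREAUTH [CAPABILITY IMAP4rev1] already logged in\\r\\n"
    """
    status, caps = parse_greeting(greeting)
    if status == "BYE":
        return "close"
    if tls_active or not require_starttls:
        return "proceed"
    if status == "PREAUTH":
        # Already in authenticated state: STARTTLS can no longer be issued,
        # so continuing would send mail data in cleartext.
        raise InsecureSession("PREAUTH on a cleartext connection")
    if caps and "STARTTLS" not in caps:
        raise InsecureSession("server does not advertise STARTTLS")
    return "starttls"
```
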


References

- https://bugs.mageia.org/show_bug.cgi?id=26891

- https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/

- https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/

- https://www.cve.org/CVERecord?id=CVE-2020-12398

- https://www.cve.org/CVERecord?id=CVE-2020-12405

- https://www.cve.org/CVERecord?id=CVE-2020-12406

- https://www.cve.org/CVERecord?id=CVE-2020-12410

- https://www.cve.org/CVERecord?id=CVE-2020-12418

- https://www.cve.org/CVERecord?id=CVE-2020-12419

- https://www.cve.org/CVERecord?id=CVE-2020-12420

- https://www.cve.org/CVERecord?id=CVE-2020-12421

Resolution

SRPMS

- 7/core/thunderbird-68.10.0-1.mga7

- 7/core/thunderbird-l10n-68.10.0-1.mga7

Severity
important

Publication date: 31 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0300.html
Type: security
CVE: CVE-2020-12398, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421
