SciLinux: SLSA-2018-2251-1 Important: thunderbird on SL6.x i386/x86_64
Summary
Important: thunderbird security update
Security Fixes
* Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and
Firefox ESR 52.9 (CVE-2018-5188)
* Mozilla: Buffer overflow using computed size of canvas element
(CVE-2018-12359)
* Mozilla: Use-after-free using focus() (CVE-2018-12360)
* Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362)
* Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363)
* Mozilla: CSRF attacks through 307 redirects and NPAPI plugins
(CVE-2018-12364)
* thunderbird: S/MIME and PGP decryption oracles can be built with HTML
emails (CVE-2018-12372)
* thunderbird: S/MIME plaintext can be leaked through HTML reply/forward
(CVE-2018-12373)
* Mozilla: Compromised IPC child process can list local filenames
(CVE-2018-12365)
* Mozilla: Invalid data handling during QCMS transformations
(CVE-2018-12366)
* thunderbird: Using form to exfiltrate encrypted mail part by pressing
enter in form field (CVE-2018-12374)
SL6
x86_64
thunderbird-52.9.1-1.el6.x86_64.rpm
thunderbird-debuginfo-52.9.1-1.el6.x86_64.rpm
i386
thunderbird-52.9.1-1.el6.i686.rpm
thunderbird-debuginfo-52.9.1-1.el6.i686.rpm
- Scientific Linux Development Team