Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 521
Alerts This Week
Warning Icon 1 521

SciLinux SL6: SLSA-2019-0159-1 Critical: Thunderbird Memory Safety Fix

Scientific Large Esm H446
This update upgrades Thunderbird to version 60.4.0. * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violatio [More...]
Synopsis: Important: thunderbird security update
Advisory ID:       SLSA-2019:0159-1
Issue Date:        2019-01-25
CVE Numbers:       CVE-2018-17466
                   CVE-2018-12405
                   CVE-2018-18492
                   CVE-2018-18493
                   CVE-2018-18494
                   CVE-2018-18498
--

This update upgrades Thunderbird to version 60.4.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
(CVE-2018-12405)

* chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466)

* Mozilla: Use-after-free with select element (CVE-2018-18492)

* Mozilla: Buffer overflow in accelerated 2D canvas with Skia
(CVE-2018-18493)

* Mozilla: Same-origin policy violation using location attribute and
performance.getEntries to steal cross-origin URLs (CVE-2018-18494)

* Mozilla: Integer overflow when calculating buffer sizes for images
(CVE-2018-18498)
--

SL6
  x86_64
    thunderbird-60.4.0-1.el6.x86_64.rpm
    thunderbird-debuginfo-60.4.0-1.el6.x86_64.rpm
  i386
    thunderbird-60.4.0-1.el6.i686.rpm
    thunderbird-debuginfo-60.4.0-1.el6.i686.rpm

- Scientific Linux Development Team