Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 580
Alerts This Week
Warning Icon 1 580

SL7: SLSA-2019-0270-1 Critical: Thunderbird Use-After-Free Issues

Scientific Large Esm H446
This update upgrades Thunderbird to version 60.5.0. * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) * libical: Multiple use-after-free vulnerabilities (CVE-2016-5824) SL7 x86_64 thunderbird-60.5.0-1.el7_6. [More...]
Synopsis: Important: thunderbird security update
Advisory ID:       SLSA-2019:0270-1
Issue Date:        2019-02-04
CVE Numbers:       CVE-2018-18500
                   CVE-2018-18501
                   CVE-2018-18505
                   CVE-2016-5824
--

This update upgrades Thunderbird to version 60.5.0.

Security Fix(es):

* Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500)

* Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
(CVE-2018-18501)

* Mozilla: Privilege escalation through IPC channel messages
(CVE-2018-18505)

* libical: Multiple use-after-free vulnerabilities (CVE-2016-5824)
--

SL7
  x86_64
    thunderbird-60.5.0-1.el7_6.x86_64.rpm
    thunderbird-debuginfo-60.5.0-1.el7_6.x86_64.rpm

- Scientific Linux Development Team