The following CVEs are fixed in the updated thunderbird package:CVE-2018-5161 : Hang via malformed headersCVE-2018-5162 : Encrypted mail leaks plaintext through src attributeCVE-2018-5183 : Backport critical security fixes in SkiaCVE-2018-5155 : Use-after-free with SVG animations and text pathsCVE-2018-5170 : Filename spoofing for external attachmentsCVE-2018-5184 : Full plaintext recovery in S/MIME via chosen-ciphertext attackCVE-2018-5159 : Integer overflow and out-of-bounds write in SkiaCVE-2018-5178 : Buffer overflow during UTF-8 to Unicode string conversion through legacy extensionCVE-2018-5168 : Lightweight themes can be installed without user interactionCVE-2018-5150 : Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8CVE-2018-5154 : Use-after-free with SVG animations and clip pathsCVE-2018-5185 : Leaking plaintext through HTML forms