RHSA-2020:0919-01 -- Redhat thunderbirdID: oval:org.secpod.oval:def:66533 | Date: (C)2020-10-30 (M)2023-07-13 |
Class: PATCH | Family: unix |
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.6.0. Security Fix: * Mozilla: Use-after-free when removing data about origins * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion * Mozilla: Use-after-free in cubeb during stream destruction * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 * Mozilla: Out of bounds reads in sctp_load_addresses_from_init * Mozilla: Devtools" "Copy as cURL" feature did not fully escape website-controlled data, potentially leading to command injection * Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.