[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CESA-2018:3403 -- centos 6 thunderbird

ID: oval:org.secpod.oval:def:204897Date: (C)2018-11-12   (M)2023-07-28
Class: PATCHFamily: unix




Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.2.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozilla: Use-after-free in IndexedDB * Mozilla: Proxy bypass using automount and autofs * Mozilla: Out-of-bounds write with malicious MAR file * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords Note: All of the above issues cannot be exploited in Thunderbird by a specially crafted HTML mail, as JavaScript is disabled for mail messages and cannot be enabled. They could be exploited another way in Thunderbird, for example, when viewing the remote content of an RSS feed. For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, Nils, Zhanjia Song, Holger Fuhrmannek, Philipp, and Jurgen Gaeremyn as the original reporters.

Platform:
CentOS 6
Product:
thunderbird
Reference:
CESA-2018:3403
CVE-2018-18499
CVE-2018-12385
CVE-2018-12383
CVE-2018-12379
CVE-2018-12378
CVE-2018-12377
CVE-2018-12376
CVE-2017-16541
CVE    8
CVE-2017-16541
CVE-2018-12376
CVE-2018-12377
CVE-2018-12378
...
CPE    2
cpe:/a:mozilla:thunderbird
cpe:/o:centos:centos:6

© SecPod Technologies