Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2018:2251-1
Issue Date: 2018-07-25
CVE Numbers: CVE-2018-12359
             CVE-2018-12360
             CVE-2018-12362
             CVE-2018-12363
             CVE-2018-12364
             CVE-2018-12365
             CVE-2018-12366
             CVE-2018-5188
             CVE-2018-12373
             CVE-2018-12372
             CVE-2018-12374
—
This update upgrades Thunderbird to version 52.9.1.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and
Firefox ESR 52.9 (CVE-2018-5188)
* Mozilla: Buffer overflow using computed size of canvas element
(CVE-2018-12359)
* Mozilla: Use-after-free using focus() (CVE-2018-12360)
* Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362)
* Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363)
* Mozilla: CSRF attacks through 307 redirects and NPAPI plugins
(CVE-2018-12364)
* thunderbird: S/MIME and PGP decryption oracles can be built with HTML
emails (CVE-2018-12372)
* thunderbird: S/MIME plaintext can be leaked through HTML reply/forward
(CVE-2018-12373)
* Mozilla: Compromised IPC child process can list local filenames
(CVE-2018-12365)
* Mozilla: Invalid data handling during QCMS transformations
(CVE-2018-12366)
* thunderbird: Using form to exfiltrate encrypted mail part by pressing
enter in form field (CVE-2018-12374)
—
SL6
  x86_64
    thunderbird-52.9.1-1.el6.x86_64.rpm
    thunderbird-debuginfo-52.9.1-1.el6.x86_64.rpm
  i386
    thunderbird-52.9.1-1.el6.i686.rpm
    thunderbird-debuginfo-52.9.1-1.el6.i686.rpm
– Scientific Linux Development Team