thunderbird (SL6)

By Scientific Linux Team on January 25, 2019

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2019:0159-1
Issue Date: 2019-01-25
CVE Numbers: CVE-2018-17466
CVE-2018-12405
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18498

This update upgrades Thunderbird to version 60.4.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
(CVE-2018-12405)

* chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466)

* Mozilla: Use-after-free with select element (CVE-2018-18492)

* Mozilla: Buffer overflow in accelerated 2D canvas with Skia
(CVE-2018-18493)

* Mozilla: Same-origin policy violation using location attribute and
performance.getEntries to steal cross-origin URLs (CVE-2018-18494)

* Mozilla: Integer overflow when calculating buffer sizes for images
(CVE-2018-18498)

SL6
x86_64
thunderbird-60.4.0-1.el6.x86_64.rpm
thunderbird-debuginfo-60.4.0-1.el6.x86_64.rpm
i386
thunderbird-60.4.0-1.el6.i686.rpm
thunderbird-debuginfo-60.4.0-1.el6.i686.rpm

– Scientific Linux Development Team