Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2019:1775-1
Issue Date: 2019-07-15
CVE Numbers: CVE-2019-11709
CVE-2019-11711
CVE-2019-11712
CVE-2019-11713
CVE-2019-11715
CVE-2019-11717
CVE-2019-11730
CVE-2019-9811
—
This update upgrades Thunderbird to version 60.8.0.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
(CVE-2019-11709)
* Mozilla: Sandbox escape via installation of malicious language pack
(CVE-2019-9811)
* Mozilla: Script injection within domain through inner window reuse
(CVE-2019-11711)
* Mozilla: Cross-origin POST requests can be made with NPAPI plugins by
following 308 redirects (CVE-2019-11712)
* Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713)
* Mozilla: HTML parsing error can contribute to content XSS
(CVE-2019-11715)
* Mozilla: Caret character improperly escaped in origins (CVE-2019-11717)
* Mozilla: Same-origin policy treats all files in a directory as having
the same-origin (CVE-2019-11730)
—
SL7
x86_64
thunderbird-60.8.0-1.el7_6.x86_64.rpm
thunderbird-debuginfo-60.8.0-1.el7_6.x86_64.rpm
– Scientific Linux Development Team
