thunderbird (SL6)

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2020:5238-1
Issue Date: 2020-11-30
CVE Numbers: CVE-2020-26951
CVE-2020-16012
CVE-2020-26953
CVE-2020-26956
CVE-2020-26958
CVE-2020-26959
CVE-2020-26960
CVE-2020-26961
CVE-2020-26965
CVE-2020-26968

This update upgrades Thunderbird to version 78.5.0.

Security Fix(es):

* Mozilla: Parsing mismatches could confuse and bypass security sanitizer
for chrome privileged code (CVE-2020-26951)

* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
(CVE-2020-26968)

* Mozilla: Variable time processing of cross-origin images during
drawImage calls (CVE-2020-16012)

* Mozilla: Fullscreen could be enabled without displaying the security UI
(CVE-2020-26953)

* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)

* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type
restrictions (CVE-2020-26958)

* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)

* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)

* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)

* Mozilla: Software keyboards may have remembered typed passwords
(CVE-2020-26965)

SL6
x86_64
thunderbird-78.5.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-78.5.0-1.el6_10.x86_64.rpm
i386
thunderbird-78.5.0-1.el6_10.i686.rpm

– Scientific Linux Development Team