MGASA-2018-0261

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2018-0261.html
Import Source
https://advisories.mageia.org/MGASA-2018-0261.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2018-0261
Related
Published
2018-05-30T19:55:44Z
Modified
2018-05-30T19:38:08Z
Summary
Updated thunderbird packages fix security vulnerabilities
Details

Updated thunderbird packages fix security vulnerabilities:

Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150).

Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154).

Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155).

Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159).

Mozilla: Hang via malformed headers (CVE-2018-5161).

Mozilla: Encrypted mail leaks plaintext through src attribute (CVE-2018-5162).

Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168).

Mozilla: Filename spoofing for external attachments (CVE-2018-5170).

Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178).

Mozilla: Backport critical security fixes in Skia (CVE-2018-5183).

Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack (CVE-2018-5184).

Mozilla: Leaking plaintext through HTML forms (CVE-2018-5185).

References
Credits

Affected packages

Mageia:6 / thunderbird

Package

Name
thunderbird
Purl
pkg:rpm/mageia/thunderbird?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
52.8.0-4.mga6

Ecosystem specific 

{
    "section": "core"
}

Mageia:6 / thunderbird-l10n

Package

Name
thunderbird-l10n
Purl
pkg:rpm/mageia/thunderbird-l10n?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
52.8.0-1.mga6

Ecosystem specific 

{
    "section": "core"
}