MGASA-2019-0190
- Source
- https://advisories.mageia.org/MGASA-2019-0190.html
- Import Source
- https://advisories.mageia.org/MGASA-2019-0190.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2019-0190
- Related
- Published
- 2019-06-10T19:17:03Z
- Modified
- 2019-06-10T18:39:37Z
- Summary
- Updated thunderbird packages fix security vulnerabilities
- Details
-
Updated thunderbird packages fixes bugs and security vulnerabilities:
Cross-origin theft of images with ImageBitmapRenderingContext. (CVE-2018-18511)
Out-of-bounds read in Skia. (CVE-2019-5798)
Use-after-free in pngimagefree of libpng library. (CVE-2019-7317)
Cross-origin theft of images with createImageBitmap. (CVE-2019-9797)
Memory safety bugs fixed in Thunderbird 60.7. (CVE-2019-9800)
Type confusion with object groups and UnboxedObjects. (CVE-2019-9816)
Stealing of cross-domain images using canvas. (CVE-2019-9817)
Use-after-free in crash generation server. (CVE-2019-9818)
Compartment mismatch with fetch API. (CVE-2019-9819)
Use-after-free of ChromeEventHandler by DocShell. (CVE-2019-9820)
Use-after-free in XMLHttpRequest. (CVE-2019-11691)
Use-after-free removing listeners in the event listener manager. (CVE-2019-11692)
Buffer overflow in WebGL bufferdata on Linux. (CVE-2019-11693)
Theft of user history data through drag and drop of hyperlinks to and from bookmarks. (CVE-2019-11698)
Inline-PGP messages that allows an attacker to have Enigmail display a correctly signed or encrypted message info, but display a different unauthenticated text.
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:6 / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:rpm/mageia/thunderbird?distro=mageia-6
Mageia:6 / thunderbird-l10n
Package
- Name
- thunderbird-l10n
- Purl
- pkg:rpm/mageia/thunderbird-l10n?distro=mageia-6