openSUSE-SU-2019:1990-1

This update for MozillaThunderbird fixes the following issues:

• Generate langpacks sequentially to avoid file corruption from racy file writes (boo#1137970)

• Mozilla Thunderbird 60.8.0

  • Calendar: Problems when editing event times, some related to AM/PM setting in non-English locales MFSA 2019-23 (boo#1140868)
  • CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) Sandbox escape via installation of malicious languagepack
  • CVE-2019-11711 (bmo#1552541) Script injection within domain through inner window reuse
  • CVE-2019-11712 (bmo#1543804) Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
  • CVE-2019-11713 (bmo#1528481) Use-after-free with HTTP/2 cached stream
  • CVE-2019-11729 (bmo#1515342) Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  • CVE-2019-11715 (bmo#1555523) HTML parsing error can contribute to content XSS
  • CVE-2019-11717 (bmo#1548306) Caret character improperly escaped in origins
  • CVE-2019-11719 (bmo#1540541) Out-of-bounds read when importing curve25519 private key
  • CVE-2019-11730 (bmo#1558299) Same-origin policy treats all files in a directory as having the same-origin
  • CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498 bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522) Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and Thunderbird 60.8