May 5, 2020 Andrey Cherepanov 68.8.0-alt1
- New version (68.8.0).
- Fixes:
+ CVE-2020-12397 Sender Email Address Spoofing using encoded Unicode characters
+ CVE-2020-12387 Use-after-free during worker shutdown
+ CVE-2020-6831 Buffer overflow in SCTP chunk input validation
+ CVE-2020-12392 Arbitrary local file access with 'Copy as cURL'
+ CVE-2020-12393 Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
+ CVE-2020-12395 Memory safety bugs fixed in Thunderbird 68.8.0