CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.33 Low
Percentile: 97.1%

- Buffer overflow using computed size of canvas element. (CVE-2018-12359)
- Use-after-free when using focus(). (CVE-2018-12360)
- Integer overflow in SwizzleData. (CVE-2018-12361)
- Integer overflow in SSSE3 scaler. (CVE-2018-12362)
- Media recorder segmentation fault when track type is changed during capture. (CVE-2018-5156)
- Use-after-free when appending DOM nodes. (CVE-2018-12363)
- CSRF attacks through 307 redirects and NPAPI plugins. (CVE-2018-12364)
- Compromised IPC child process can list local filenames. (CVE-2018-12365)
- Integer overflow in Skia library during edge builder allocation. (CVE-2018-12371)
- Invalid data handling during QCMS transformations. (CVE-2018-12366)
- Timing attack mitigation of PerformanceNavigationTiming. (CVE-2018-12367)
- No warning when opening executable SettingContent-ms files. (CVE-2018-12368)
- Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60. (CVE-2018-5187)
- Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 60. (CVE-2018-5188)
- Use-after-free in refresh driver timers. (CVE-2018-12377)
- Use-after-free in IndexedDB. (CVE-2018-12378)
- Out-of-bounds write with malicious MAR file. (CVE-2018-12379)
- Proxy bypass using automount and autofs. (CVE-2017-16541)
- Crash in TransportSecurityInfo due to cached data. (CVE-2018-12385)
- Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords. (CVE-2018-12383)
- Memory safety bugs fixed in Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1. (CVE-2018-12376)
- HTTP Live Stream audio data is accessible cross-origin. (CVE-2018-12391)
- Crash with nested event loops. (CVE-2018-12392)
- Integer overflow during Unicode conversion while loading JavaScript. (CVE-2018-12393)
- Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3. (CVE-2018-12389)
- Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3. (CVE-2018-12390)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | thunderbird | < 60.3.3-3 | thunderbird-60.3.3-3.mga6 |
Mageia | 6 | noarch | thunderbird-l10n | < 60.3.3-1 | thunderbird-l10n-60.3.3-1.mga6 |
access.redhat.com/errata/RHSA-2018:3458
access.redhat.com/errata/RHSA-2018:3532
bugs.mageia.org/show_bug.cgi?id=23706
lists.opensuse.org/opensuse-updates/2018-11/msg00009.html
www.debian.org/security/2018/dsa-4327
www.debian.org/security/2018/dsa-4337
www.mozilla.org/en-US/security/advisories/mfsa2018-19/
www.mozilla.org/en-US/security/advisories/mfsa2018-25/
www.mozilla.org/en-US/security/advisories/mfsa2018-28/
www.thunderbird.net/en-US/thunderbird/60.3.0/releasenotes/
www.thunderbird.net/en-US/thunderbird/60.3.1/releasenotes/
www.thunderbird.net/en-US/thunderbird/60.3.2/releasenotes/
www.thunderbird.net/en-US/thunderbird/60.3.3/releasenotes/