CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.2%
Use-after-free when removing in-use DOM elements. (CVE-2019-9790) Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey. (CVE-2019-9791) IonMonkey leaks JS_OPTIMIZED_OUT magic value to script. (CVE-2019-9792) Improper bounds checks when Spectre mitigations are disabled. (CVE-2019-9793) Command line arguments not discarded during execution. (CVE-2019-9794) Type-confusion in IonMonkey JIT compiler. (CVE-2019-9795) Use-after-free with SMIL animation controller. (CVE-2019-9796) Windows programs that are not ‘URL Handlers’ are exposed to web content. (CVE-2019-9801) Proxy Auto-Configuration file can define localhost access to be proxied. (CVE-2018-18506) Memory safety bugs fixed in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. (CVE-2019-9788) IonMonkey MArraySlice has incorrect alias information. (CVE-2019-9810) Ionmonkey type confusion with proto mutations. (CVE-2019-9813)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | thunderbird | < 60.6.1-1 | thunderbird-60.6.1-1.mga6 |
Mageia | 6 | noarch | thunderbird-l10n | < 60.6.1-1 | thunderbird-l10n-60.6.1-1.mga6 |
bugs.mageia.org/show_bug.cgi?id=24541
lists.fedoraproject.org/archives/list/[email protected]/thread/2LKJX4XFUISMUN6H4VQJY7MSG5SM7LGB/
www.mozilla.org/en-US/security/advisories/mfsa2019-11/
www.mozilla.org/en-US/security/advisories/mfsa2019-12/
www.thunderbird.net/en-US/thunderbird/60.6.0/releasenotes/
www.thunderbird.net/en-US/thunderbird/60.6.1/releasenotes/
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.2%