Updated thunderbird packages fix security vulnerability

2019-04-0521:12:59

Gentoo Foundation

advisories.mageia.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.936

Percentile

99.2%

JSON

Use-after-free when removing in-use DOM elements. (CVE-2019-9790) Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey. (CVE-2019-9791) IonMonkey leaks JS_OPTIMIZED_OUT magic value to script. (CVE-2019-9792) Improper bounds checks when Spectre mitigations are disabled. (CVE-2019-9793) Command line arguments not discarded during execution. (CVE-2019-9794) Type-confusion in IonMonkey JIT compiler. (CVE-2019-9795) Use-after-free with SMIL animation controller. (CVE-2019-9796) Windows programs that are not ‘URL Handlers’ are exposed to web content. (CVE-2019-9801) Proxy Auto-Configuration file can define localhost access to be proxied. (CVE-2018-18506) Memory safety bugs fixed in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. (CVE-2019-9788) IonMonkey MArraySlice has incorrect alias information. (CVE-2019-9810) Ionmonkey type confusion with proto mutations. (CVE-2019-9813)

OSVersionArchitecturePackageVersionFilename
Mageia6noarchthunderbird< 60.6.1-1thunderbird-60.6.1-1.mga6
Mageia6noarchthunderbird-l10n< 60.6.1-1thunderbird-l10n-60.6.1-1.mga6