FS#64740 - [thunderbird] <= 68.2.2: Mozilla Foundation Security Advisory 2019-38
Attached to Project:
Arch Linux
Opened by Pascal Ernster (hardfalcon) - Thursday, 05 December 2019, 10:32 GMT
Last edited by Evangelos Foutras (foutrelis) - Friday, 06 December 2019, 08:53 GMT
Opened by Pascal Ernster (hardfalcon) - Thursday, 05 December 2019, 10:32 GMT
Last edited by Evangelos Foutras (foutrelis) - Friday, 06 December 2019, 08:53 GMT
|
Details
Thunderbird 68.3 fixes a long list of CVEs:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/ As usual, most affect only JS "in browser or browser-like contexts" (see https://bugs.archlinux.org/task/62974), but there are two CVEs that I could imagine to pose a potential threat in normal email operation as well: CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher CVE-2019-17005: Buffer overflow in plain text serializer The corresponding bugs are non-public, so I can only guess. |
This task depends upon
Closed by Evangelos Foutras (foutrelis)
Friday, 06 December 2019, 08:53 GMT
Reason for closing: Fixed
Additional comments about closing: thunderbird 68.3.0-1
Friday, 06 December 2019, 08:53 GMT
Reason for closing: Fixed
Additional comments about closing: thunderbird 68.3.0-1