FS#64740 - [thunderbird] <= 68.2.2: Mozilla Foundation Security Advisory 2019-38

Attached to Project: Arch Linux
Opened by Pascal Ernster (hardfalcon) - Thursday, 05 December 2019, 10:32 GMT
Last edited by Evangelos Foutras (foutrelis) - Friday, 06 December 2019, 08:53 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: No-one
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Thunderbird 68.3 fixes a long list of CVEs:

https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/

As usual, most affect only JS "in browser or browser-like contexts" (see https://bugs.archlinux.org/task/62974), but there are two CVEs that I could imagine posing a potential threat in normal email operation as well:

CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher
CVE-2019-17005: Buffer overflow in plain text serializer

The corresponding bugs are non-public, so I can only guess.

Closed by Evangelos Foutras (foutrelis)
Friday, 06 December 2019, 08:53 GMT
Reason for closing: Fixed
Additional comments about closing: thunderbird 68.3.0-1
