Red Hat Security Advisory: thunderbird security update
🔗 CVE IDs covered (11)
📋 Description
CVE-2018-5188 — Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 CVE-2018-12359 — Mozilla: Buffer overflow using computed size of canvas element CVE-2018-12360 — Mozilla: Use-after-free using focus() CVE-2018-12362 — Mozilla: Integer overflow in SSSE3 scaler CVE-2018-12363 — Mozilla: Use-after-free when appending DOM nodes CVE-2018-12364 — Mozilla: CSRF attacks through 307 redirects and NPAPI plugins CVE-2018-12365 — Mozilla: Compromised IPC child process can list local filenames CVE-2018-12366 — Mozilla: Invalid data handling during QCMS transformations CVE-2018-12372 — thunderbird: S/MIME and PGP decryption oracles can be built with HTML emails CVE-2018-12373 — thunderbird: S/MIME plaintext can be leaked through HTML reply/forward CVE-2018-12374 — thunderbird: Using form to exfiltrate encrypted mail part by pressing enter in form field
🔗 References (15)
- selfhttps://access.redhat.com/errata/RHSA-2018:2252
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-18/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1595024
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1595025
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1595027
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1595028
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1595029
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1595030
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1595031
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1595040
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1598529
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1598538
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1598543
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2252.json