RHSA-2018:3403HighCVSS 9.8
Red Hat Security Advisory: thunderbird security update
🔗 CVE IDs covered (8)
📋 Description
CVE-2017-16541 — Mozilla: Proxy bypass using automount and autofs CVE-2018-12376 — Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 CVE-2018-12377 — Mozilla: Use-after-free in driver timers CVE-2018-12378 — Mozilla: Use-after-free in IndexedDB CVE-2018-12379 — Mozilla: Out-of-bounds write with malicious MAR file CVE-2018-12383 — Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords CVE-2018-12385 — Mozilla: Crash in TransportSecurityInfo due to cached data CVE-2018-18499 — Mozilla: Same-origin policy violation using meta refresh and performance.getEntries to steal cross-origin URLs
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2018:3403
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-25/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1510816
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1625525
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1625526
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1625527
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1625528
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1625531
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1632062
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3403.json