openSUSE-SU-2019:0250-1

Published: 26 Feb 2019
Source: suse-cvrf

Description

Security update for MozillaThunderbird

This update for MozillaThunderbird to version 60.5.1 fixes the following issues:

Security issues fixed (MFSA 2019-06 bsc#1125330):

  • CVE-2018-18356: Fixed a use-after-free in Skia.
  • CVE-2019-5785: Fixed an integer overflow in Skia.
  • CVE-2018-18335: Fixed a buffer overflow in Skia by deactivating Canvas 2D by default. This issue does not affect Linux distributions.
  • CVE-2018-18509: Fixed a flaw in the verification of certain S/MIME signatures that mistakenly showed emails as carrying a valid signature.

Package list

openSUSE Leap 42.3
MozillaThunderbird-60.5.1-86.1
MozillaThunderbird-buildsymbols-60.5.1-86.1
MozillaThunderbird-translations-common-60.5.1-86.1
MozillaThunderbird-translations-other-60.5.1-86.1

Description

Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.


Affected products
openSUSE Leap 42.3:MozillaThunderbird-60.5.1-86.1
openSUSE Leap 42.3:MozillaThunderbird-buildsymbols-60.5.1-86.1
openSUSE Leap 42.3:MozillaThunderbird-translations-common-60.5.1-86.1
openSUSE Leap 42.3:MozillaThunderbird-translations-other-60.5.1-86.1


Description

An integer overflow in path handling that led to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.


Affected products
openSUSE Leap 42.3:MozillaThunderbird-60.5.1-86.1
openSUSE Leap 42.3:MozillaThunderbird-buildsymbols-60.5.1-86.1
openSUSE Leap 42.3:MozillaThunderbird-translations-common-60.5.1-86.1
openSUSE Leap 42.3:MozillaThunderbird-translations-other-60.5.1-86.1


Description

A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird < 60.5.1.


Affected products
openSUSE Leap 42.3:MozillaThunderbird-60.5.1-86.1
openSUSE Leap 42.3:MozillaThunderbird-buildsymbols-60.5.1-86.1
openSUSE Leap 42.3:MozillaThunderbird-translations-common-60.5.1-86.1
openSUSE Leap 42.3:MozillaThunderbird-translations-other-60.5.1-86.1


Description

Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.


Affected products
openSUSE Leap 42.3:MozillaThunderbird-60.5.1-86.1
openSUSE Leap 42.3:MozillaThunderbird-buildsymbols-60.5.1-86.1
openSUSE Leap 42.3:MozillaThunderbird-translations-common-60.5.1-86.1
openSUSE Leap 42.3:MozillaThunderbird-translations-other-60.5.1-86.1
