Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2019:1152-1

Опубликовано: 04 апр. 2019
Источник: suse-cvrf

Описание

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues:

Security issues fixed:

  • update to Mozilla Thunderbird 60.6.1 (bsc#1130262):

  • CVE-2019-9813: Fixed Ionmonkey type confusion with proto mutations

  • CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information

Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12

Список пакетов

openSUSE Leap 42.3
MozillaThunderbird-60.6.1-89.1
MozillaThunderbird-buildsymbols-60.6.1-89.1
MozillaThunderbird-translations-common-60.6.1-89.1
MozillaThunderbird-translations-other-60.6.1-89.1

Ссылки

Описание

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.

Затронутые продукты
openSUSE Leap 42.3:MozillaThunderbird-60.6.1-89.1
openSUSE Leap 42.3:MozillaThunderbird-buildsymbols-60.6.1-89.1
openSUSE Leap 42.3:MozillaThunderbird-translations-common-60.6.1-89.1
openSUSE Leap 42.3:MozillaThunderbird-translations-other-60.6.1-89.1
Ссылки

Описание

Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.

Затронутые продукты
openSUSE Leap 42.3:MozillaThunderbird-60.6.1-89.1
openSUSE Leap 42.3:MozillaThunderbird-buildsymbols-60.6.1-89.1
openSUSE Leap 42.3:MozillaThunderbird-translations-common-60.6.1-89.1
openSUSE Leap 42.3:MozillaThunderbird-translations-other-60.6.1-89.1
Ссылки