Описание
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird was updated to 60.7.1:
Security issues fixed with MFSA 2019-17 (boo#1137595)
- CVE-2019-11703: Fixed a heap-based buffer overflow in icalmemorystrdupanddequote() (bsc#1137595).
- CVE-2019-11704: Fixed a heap-based buffer overflow in parser_get_next_char() (bsc#1137595).
- CVE-2019-11705: Fixed a stack-based buffer overflow in icalrecur_add_bydayrules() (bsc#1137595).
- CVE-2019-11706: Fixed a type confusion in icaltimezone_get_vtimezone_properties() (bsc#1137595).
Also fixed:
- No prompt for smartcard PIN when S/MIME signing is used
Список пакетов
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2019:1577-1
- SUSE Security Ratings
Описание
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
Затронутые продукты
Ссылки
- CVE-2019-11703
- SUSE Bug 1137595
Описание
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
Затронутые продукты
Ссылки
- CVE-2019-11704
- SUSE Bug 1137595
Описание
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
Затронутые продукты
Ссылки
- CVE-2019-11705
- SUSE Bug 1137595
Описание
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.
Затронутые продукты
Ссылки
- CVE-2019-11706
- SUSE Bug 1137595