Описание
Security update for MozillaThunderbird
This update for MozillaThunderbird to version 60.7.2 fixes the following issues:
Security issues fixed:
- CVE-2019-11707: Fixed a type confusion vulnerability in Arrary.pop (bsc#1138614)
- CVE-2019-11708: Fixed an issue which could have allowed sandbox escape using Prompt:Open (bsc#1138872).
Список пакетов
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2019:1594-1
- SUSE Security Ratings
Описание
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
Затронутые продукты
Ссылки
- CVE-2019-11707
- SUSE Bug 1138614
Описание
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
Затронутые продукты
Ссылки
- CVE-2019-11708
- SUSE Bug 1138872