MGASA-2019-0190

Advisory lineage Upstream: 14 Downstream: 0
Published: 10 Jun 2019, 19:17
Last modified: 16 Apr 2026, 04:26

Vulnerability Summary

Overall Risk (default): minimal, 0/100
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

  • 10 Jun 2019, 19:17: Published (vulnerability first disclosed)
  • 16 Apr 2026, 04:26: Last Modified (vulnerability information updated)

Description

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix bugs and security vulnerabilities:

  • Cross-origin theft of images with ImageBitmapRenderingContext. (CVE-2018-18511)
  • Out-of-bounds read in Skia. (CVE-2019-5798)
  • Use-after-free in png_image_free of libpng library. (CVE-2019-7317)
  • Cross-origin theft of images with createImageBitmap. (CVE-2019-9797)
  • Memory safety bugs fixed in Thunderbird 60.7. (CVE-2019-9800)
  • Type confusion with object groups and UnboxedObjects. (CVE-2019-9816)
  • Stealing of cross-domain images using canvas. (CVE-2019-9817)
  • Use-after-free in crash generation server. (CVE-2019-9818)
  • Compartment mismatch with fetch API. (CVE-2019-9819)
  • Use-after-free of ChromeEventHandler by DocShell. (CVE-2019-9820)
  • Use-after-free in XMLHttpRequest. (CVE-2019-11691)
  • Use-after-free removing listeners in the event listener manager. (CVE-2019-11692)
  • Buffer overflow in WebGL bufferdata on Linux. (CVE-2019-11693)
  • Theft of user history data through drag and drop of hyperlinks to and from bookmarks. (CVE-2019-11698)
  • Inline-PGP messages that allow an attacker to have Enigmail display correctly signed or encrypted message info while displaying different, unauthenticated text.

Affected Systems

  • mageia thunderbird < 60.7.0-1.mga6

  • mageia thunderbird-l10n < 60.7.0-1.mga6

References (5)