Arch Linux Security Advisory ASA-201904-4
=========================================

Severity: Critical
Date    : 2019-04-06
CVE-ID  : CVE-2019-9810 CVE-2019-9813
Package : thunderbird
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-947

Summary
=======

The package thunderbird before version 60.6.1-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 60.6.1-1.

# pacman -Syu "thunderbird>=60.6.1-1"

The problems have been fixed upstream in version 60.6.1.

Workaround
==========

None.

Description
===========

- CVE-2019-9810 (arbitrary code execution)

An incorrect alias information in the IonMonkey JIT compiler of Firefox
before 66.0.1 and Thunderbird before 60.6.1 for the
Array.prototype.slice method may lead to missing bounds check and a
buffer overflow.

- CVE-2019-9813 (arbitrary code execution)

An incorrect handling of __proto__ mutations may lead to type confusion
in the IonMonkey JIT code of Firefox before 66.0.1 and Thunderbird
before 60.6.1, and can be leveraged for arbitrary memory read and
write.

Impact
======

A remote attacker can execute arbitrary code on the affected host.

References
==========

https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810
https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9810
https://bugzilla.mozilla.org/show_bug.cgi?id=1537924
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813
https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9813
https://bugzilla.mozilla.org/show_bug.cgi?id=1538006
https://security.archlinux.org/CVE-2019-9810
https://security.archlinux.org/CVE-2019-9813