AVG-1054

Package: thunderbird
Status: Fixed
Severity: Critical
Type: multiple issues
Affected: 68.1.1-1
Fixed: 68.2.0-1
Current: 68.3.0-1 [extra]
Ticket: None
Created: Sat Oct 26 17:45:26 2019

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-15903 | Medium | Yes | Denial of service | A security issue has been found in libexpat before 2.2.8, where crafted XML input could fool the parser into changing from DTD parsing to document parsing... |
| CVE-2019-11764 | Critical | Yes | Arbitrary code execution | Several memory safety bugs have been found in Firefox before 70.0 and Thunderbird before 68.2. Some of these bugs showed evidence of memory corruption and... |
| CVE-2019-11763 | Medium | Yes | Insufficient validation | An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where failure to correctly handle null bytes when processing HTML entities... |
| CVE-2019-11762 | Medium | Yes | Same-origin policy bypass | A same-origin policy bypass has been found in Firefox before 70.0 and Thunderbird before 68.2 where, if two same-origin documents set document.domain... |
| CVE-2019-11761 | Medium | Yes | Access restriction bypass | An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where by using a form with a data URI it was possible to gain access to the... |
| CVE-2019-11760 | Critical | Yes | Arbitrary code execution | A fixed-size stack buffer overflow has been found in nrappkit, in the WebRTC signaling code of Firefox before 70.0 and Thunderbird before 68.2. |
| CVE-2019-11759 | Critical | Yes | Arbitrary code execution | A stack-based buffer overflow has been found in the HKDF output of Firefox before 70.0 and Thunderbird before 68.2. An attacker could have caused 4 bytes of... |
| CVE-2019-11757 | Critical | Yes | Arbitrary code execution | A use-after-free issue has been found in the IndexedDB component of Firefox before 70.0 and Thunderbird before 68.2. When storing a value in IndexedDB, the... |

| Date | Advisory | Package | Description |
|---|---|---|---|
| 26 Oct 2019 | ASA-201910-15 | thunderbird | multiple issues |

References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/