AVG-1099 log

Package thunderbird
Status Fixed
Severity Critical
Type multiple issues
Affected 68.4.2-1
Fixed 68.5.0-1
Current 68.5.0-1 [extra]
Ticket None
Created Thu Feb 13 09:19:04 2020
Issue Severity Remote Type Description
CVE-2020-6800 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 73.0 and Thunderbird before 68.5. Some of these bugs showed evidence of memory corruption and...
CVE-2020-6798 Medium Yes Cross-site scripting
An incorrect parsing of template could result in Javascript injection in Firefox before 73.0 and Thunderbird before 68.5. If a <template> tag was used in a...
CVE-2020-6795 Medium Yes Denial of service
A null-pointer dereference has been found in Thunderbird before 68.5, when processing a message that contains multiple S/MIME signatures.
CVE-2020-6794 Medium No Information disclosure
It has been found that setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords before Thunderbird 68.5. If a...
CVE-2020-6793 Medium Yes Information disclosure
An out-of-bounds read has been found in Thunderbird before 68.5, when processing an e-mail message with an ill-formed envelope.
CVE-2020-6792 Low Yes Information disclosure
An information disclosure issue has bee found in Thunderbird before 68.5. When deriving an Message ID identifier for an email message, uninitialized memory...
Date Advisory Package Description
13 Feb 2020 ASA-202002-9 thunderbird multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/