AVG-1179 log

Package thunderbird
Status Fixed
Severity High
Type multiple issues
Affected 68.8.1-1
Fixed 68.9.0-1
Current 128.5.2-1 [extra-testing]
128.5.1-1 [extra]
Ticket None
Created Fri Jun 5 13:53:10 2020
Issue Severity Remote Type Description
CVE-2020-12410 High Yes Arbitrary code execution
Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 76, Firefox ESR 68.8 and Thunderbird before 68.9.0. Some of...
CVE-2020-12406 High Yes Arbitrary code execution
Mozilla Developer Iain Ireland discovered a missing type check in Firefox before 77.0 and Thunderbird before 68.9.0 during unboxed objects removal,...
CVE-2020-12405 High Yes Denial of service
When browsing a malicious page in Firefox before 77.0 and Thunderbird before 68.9.0, a race condition in our SharedWorkerService could occur and lead to a...
CVE-2020-12399 High Yes Private key recovery
NSS before 3.52.1, as used in Firefox before 77.0 and Thunderbird before 68.9.0, has shown timing differences when performing DSA signatures, which was...
CVE-2020-12398 High Yes Man-in-the-middle
A security downgrade issue has been found in Thunderbird before 68.9.0. If Thunderbird is configured to use STARTTLS for an IMAP server, and the server...
Date Advisory Package Type
06 Jun 2020 ASA-202006-4 thunderbird multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/