AVG-782 log

Package thunderbird
Status Fixed
Severity Critical
Type multiple issues
Affected 60.0-4
Fixed 60.2.1-1
Current 68.3.0-1 [extra]
Ticket FS#60424
Created Wed Oct 17 14:27:23 2018
Issue Severity Remote Type Description
CVE-2018-12385 Medium No Arbitrary code execution
A security issue has been found in Thunderbird versions prior to 60.2.1. A potentially exploitable crash in TransportSecurityInfo used for SSL can be...
CVE-2018-12383 Low No Information disclosure
A security issue has been found in Thunderbird versions prior to 60.2.1. If a user saved passwords before the move to a new password format and then later...
CVE-2018-12379 Medium No Arbitrary code execution
A security issue has been found in Thunderbird versions prior to 60.2.1. When the Mozilla Updater opens a MAR format file which contains a very long item...
CVE-2018-12378 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Thunderbird versions prior to 60.2.1, which can occur when an IndexedDB index is deleted while still in use...
CVE-2018-12377 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Thunderbird versions prior to 60.2.1, which can occur when refresh driver timers are refreshed in some...
CVE-2018-12376 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Thunderbird versions prior to 60.2.1.
Date Advisory Package Description
18 Oct 2018 ASA-201810-13 thunderbird multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/