AVG-908 log

Package thunderbird
Status Fixed
Severity Critical
Type multiple issues
Affected 60.5.0-1
Fixed 60.5.1-1
Current 128.5.2-2 [extra-testing]
128.5.1-1 [extra]
Ticket None
Created Wed Feb 20 08:29:58 2019
Issue Severity Remote Type Description
CVE-2019-5785 High Yes Arbitrary code execution
An integer overflow issue has been found in the Skia component of firefox before 65.0.1 and thunderbird before 60.5.1.
CVE-2018-18509 High Yes Insufficient validation
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird before 60.5.1 as having a valid digital signature, even if...
CVE-2018-18356 High Yes Arbitrary code execution
A use-after-free has been found in the Skia component of chromium before 71.0.3578.80 and firefox before 65.0.1 and thunderbird before 60.5.1.
CVE-2018-18335 Critical Yes Arbitrary code execution
A heap-based buffer overflow has been found in the Skia component of chromium before 71.0.3578.80 and thunderbird before 60.5.1.
Date Advisory Package Type
20 Feb 2019 ASA-201902-23 thunderbird multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/