AVG-908 log
| Package | thunderbird |
| Status | Fixed |
| Severity | Critical |
| Type | multiple issues |
| Affected | 60.5.0-1 |
| Fixed | 60.5.1-1 |
| Current |
144.0.1-2 [extra-testing] 144.0.1-1 [extra] |
| Ticket | None |
| Created | Wed Feb 20 08:29:58 2019 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-5785 | High | Yes | Arbitrary code execution | An integer overflow issue has been found in the Skia component of firefox before 65.0.1 and thunderbird before 60.5.1. |
| CVE-2018-18509 | High | Yes | Insufficient validation | A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird before 60.5.1 as having a valid digital signature, even if... |
| CVE-2018-18356 | High | Yes | Arbitrary code execution | A use-after-free has been found in the Skia component of chromium before 71.0.3578.80 and firefox before 65.0.1 and thunderbird before 60.5.1. |
| CVE-2018-18335 | Critical | Yes | Arbitrary code execution | A heap-based buffer overflow has been found in the Skia component of chromium before 71.0.3578.80 and thunderbird before 60.5.1. |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 20 Feb 2019 | ASA-201902-23 | thunderbird | multiple issues |
| References |
|---|
https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/ |