AVG-965 log

Package thunderbird
Status Fixed
Severity Critical
Type multiple issues
Affected 60.6.1-2
Fixed 60.7.0-1
Current 68.3.0-1 [extra]
Ticket None
Created Wed May 22 14:43:52 2019
Issue Severity Remote Type Description
CVE-2019-18511 High Yes Same-origin policy bypass
An issue has been found in Thunderbird before 60.7.0, where cross- origin images can be read from a canvas element in violation of the same-origin policy...
CVE-2019-11698 Medium Yes Information disclosure
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar in Firefox before 67.0 or Thunderbird before 60.7.0, and the resulting bookmark...
CVE-2019-11693 Critical Yes Arbitrary code execution
The bufferdata function in WebGL in Firefox before 67.0 and Thunderbird before 60.7.0 is vulnerable to a buffer overflow with specific graphics drivers on...
CVE-2019-11692 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 67.0 and Thunderbird before 60.7.0, when listeners are removed from the event listener manager...
CVE-2019-11691 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 67.0 and Thunderbird before 60.7.0, when working with XMLHttpRequest (XHR) in an event loop,...
CVE-2019-9819 Critical Yes Arbitrary code execution
A vulnerability where a JavaScript compartment mismatch can occur in Firefox before 67.0 and Thunderbird before 60.7.0, while working with the fetch API,...
CVE-2019-9817 High Yes Same-origin policy bypass
In Firefox before 67.0 and Thunderbird before 60.7.0, images from a different domain can be read using a canvas object in some circumstances. This could be...
CVE-2019-9816 High Yes Access restriction bypass
A possible vulnerability exists in Firefox before 67.0 and Thunderbird before 60.7.0, where type confusion can occur when manipulating JavaScript objects in...
CVE-2019-9800 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 67.0 and Thunderbird before 60.7.0. Some of these bugs showed evidence of memory corruption and...
CVE-2019-7317 Low No Denial of service
png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2019-5798 Medium Yes Information disclosure
An out-of-bounds read has been found in the Skia component of the chromium browser before 73.0.3683.75 and Thunderbird before 60.7.0.
Date Advisory Package Description
23 May 2019 ASA-201905-8 thunderbird multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/