Synopsis: Important: thunderbird security update Advisory ID: SLSA-2018:1726-1 Issue Date: 2018-05-24 CVE Numbers: CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5159 CVE-2018-5168 CVE-2018-5178 CVE-2018-5183 CVE-2018-5184 CVE-2018-5161 CVE-2018-5162 CVE-2018-5170 CVE-2018-5185 -- This update upgrades Thunderbird to version 52.8.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150) * Mozilla: Backport critical security fixes in Skia (CVE-2018-5183) * Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154) * Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155) * Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159) * Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack (CVE-2018-5184) * Mozilla: Hang via malformed headers (CVE-2018-5161) * Mozilla: Encrypted mail leaks plaintext through src attribute (CVE-2018-5162) * Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168) * Mozilla: Filename spoofing for external attachments (CVE-2018-5170) * Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178) * Mozilla: Leaking plaintext through HTML forms (CVE-2018-5185) -- SL6 x86_64 thunderbird-52.8.0-2.el6_9.x86_64.rpm thunderbird-debuginfo-52.8.0-2.el6_9.x86_64.rpm i386 thunderbird-52.8.0-2.el6_9.i686.rpm thunderbird-debuginfo-52.8.0-2.el6_9.i686.rpm - Scientific Linux Development Team