Synopsis: Important: thunderbird security update Advisory ID: SLSA-2019:0160-1 Issue Date: 2019-01-25 CVE Numbers: CVE-2018-17466 CVE-2018-12405 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 -- This update upgrades Thunderbird to version 60.4.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498) -- SL7 x86_64 thunderbird-60.4.0-1.el7_6.x86_64.rpm thunderbird-debuginfo-60.4.0-1.el7_6.x86_64.rpm - Scientific Linux Development Team