Synopsis:          Important: thunderbird security update

Advisory ID:       SLSA-2019:1624-1

Issue Date:        2019-06-27

CVE Numbers:       None

--



Security Fix(es):



* Mozilla: Type confusion in Array.pop (CVE-2019-11707)



* thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in

icalrecur.c (CVE-2019-11705)



* Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)



* thunderbird: Heap buffer over read in icalparser.c parser_get_next_char

(CVE-2019-11703)



* thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote

function in icalvalue.c (CVE-2019-11704)



* thunderbird: Type confusion in icaltimezone_get_vtimezone_properties

function in icalproperty.c (CVE-2019-11706)



--



SL6

  x86_64

    thunderbird-60.7.2-2.el6_10.x86_64.rpm

    thunderbird-debuginfo-60.7.2-2.el6_10.x86_64.rpm

  i386

    thunderbird-60.7.2-2.el6_10.i686.rpm

    thunderbird-debuginfo-60.7.2-2.el6_10.i686.rpm



- Scientific Linux Development Team