Synopsis: Important: thunderbird security update Advisory ID: SLSA-2019:1624-1 Issue Date: 2019-06-27 CVE Numbers: None -- Security Fix(es): * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) * thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) * thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704) * thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706) -- SL6 x86_64 thunderbird-60.7.2-2.el6_10.x86_64.rpm thunderbird-debuginfo-60.7.2-2.el6_10.x86_64.rpm i386 thunderbird-60.7.2-2.el6_10.i686.rpm thunderbird-debuginfo-60.7.2-2.el6_10.i686.rpm - Scientific Linux Development Team