Synopsis: Important: thunderbird security update Advisory ID: SLSA-2020:2906-1 Issue Date: 2020-07-14 CVE Numbers: None -- Security Fix(es): * Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417) * Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421) -- SL7 x86_64 thunderbird-68.10.0-1.el7_8.x86_64.rpm thunderbird-debuginfo-68.10.0-1.el7_8.x86_64.rpm - Scientific Linux Development Team