CLD-597 Details

Other IDs this deficiency may be known by:

CVE ID None
Other ID(s) fixed-in-60.3, mfsa2018-28

Basic Information:

Affected Package(s) thunderbird
Deficiency Type SECURITY
Date Created 2018-11-04 09:09:01
Date Last Modified 2018-11-04 09:12:53

Version Specific Information:

Cucumber 1.0 i686 fixed in thunderbird-60.3.0-i686-1
Cucumber 1.0 x86_64 fixed in thunderbird-60.3.0-x86_64-1

Cucumber 1.1 i686 fixed in thunderbird-60.3.0-i686-1
Cucumber 1.1 x86_64 fixed in thunderbird-60.3.0-x86_64-1

Details:

Fixes several CVEs:

CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
CVE-2018-12392: Crash with nested event loops
CVE-2018-12393: Integer overflow during Unicode conversion while loading
	JavaScript
CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird
	60.3
CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and
	Thunderbird 60.3

See full details at
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/