CLD-702 Details

Other IDs this deficiency may be known by:

Other ID(s) fixed-in-60.7.2

Basic Information:

Affected Package(s) thunderbird
Deficiency Type SECURITY
Date Created 2019-07-14 09:48:40
Date Last Modified 2019-07-14 10:07:56

Version Specific Information:

Cucumber 1.1 i686 fixed in thunderbird-60.7.2-i686-1
Cucumber 1.1 x86_64 fixed in thunderbird-60.7.2-x86_64-1


This is an upstream bug and security fix release that fixes the following
	CVE-2019-11707: Type confusion in Array.pop
	CVE-2019-11708: sandbox escape using Prompt:Open
	CVE-2019-11703: Heap buffer overflow in icalparser.c
	CVE-2019-11704: Heap buffer overflow in icalvalue.c
	CVE-2019-11705: Stack buffer overflow in icalrecur.c
	CVE-2019-11706: Type confusion in icalproperty.c
	CVE-2019-9816: Type confusion with object groups and UnboxedObjects
	CVE-2019-11707: Type confusion in Array.pop
	CVE-2019-9817: Stealing of cross-domain images using canvas
	CVE-2019-9818: Use-after-free in crash generation server
	CVE-2019-9819: Compartment mismatch with fetch API
	CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
	CVE-2019-11691: Use-after-free in XMLHttpRequest
	CVE-2019-11692: Use-after-free removing listeners in the event listener
	CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
	CVE-2019-7317: Use-after-free in png_image_free of libpng library
	CVE-2019-9797: Cross-origin theft of images with createImageBitmap
	CVE-2018-18511: Cross-origin theft of images with
	CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
	CVE-2019-11698: Theft of user history data through drag and drop of
		hyperlinks to and from bookmarks
	CVE-2019-5798: Out-of-bounds read in Skia
	CVE-2019-9800: Memory safety bugs fixed in Firefox 67,
		Firefox ESR 60.7, and Thunderbird 60.7

For more information see: