#11857: thunderbird-60.6.1
-------------------------+------------------------
Reporter: bdubbs | Owner: blfs-book
Type: enhancement | Status: new
Priority: highest | Milestone: 8.5
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+------------------------
Changes (by renodr):
* priority: normal => highest
Comment:
{{{
Security vulnerabilities fixed in Thunderbird 60.6.1

Announced: March 25, 2019
Impact: critical
Products: Thunderbird
Fixed in: Thunderbird 60.6.1

In general, these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled when reading mail, but
are potentially risks in browser or browser-like contexts.

#CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information
Reporter: Richard Zhu and Amat Cama via Trend Micro's Zero Day Initiative
Impact: critical
Description: Incorrect alias information in IonMonkey JIT compiler for
Array.prototype.slice method may lead to missing bounds check and a buffer
overflow.
References: Bug 1537924

#CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations
Reporter: Niklas Baumstark via Trend Micro's Zero Day Initiative
Impact: critical
Description: Incorrect handling of __proto__ mutations may lead to type
confusion in IonMonkey JIT code and can be leveraged for arbitrary memory
read and write.
References: Bug 1538006
}}}
Same two zero-days in Firefox
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/11857#comment:1>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch