It is not guaranteed that all information is accurate and complete. Warning: This site and all data are provided as is. Upstream acknowledges Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, Nils, Zhanjia Song, Holger Fuhrmannek, Philipp, and Jurgen Gaeremyn as the original reporters. Red Hat would like to thank the Mozilla project for reporting these issues. They could be exploited another way in Thunderbird, for example, when viewing the remote content of an RSS feed.įor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Note: All of the above issues cannot be exploited in Thunderbird by a specially crafted HTML mail, as JavaScript is disabled for mail messages and cannot be enabled. * Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords (CVE-2018-12383) * Mozilla: Crash in TransportSecurityInfo due to cached data (CVE-2018-12385)
* Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-12379)
* Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541) * Mozilla: Use-after-free in IndexedDB (CVE-2018-12378) * Mozilla: Use-after-free in driver timers (CVE-2018-12377) * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376) This update upgrades Thunderbird to version 60.2.1. Mozilla Thunderbird is a standalone mail and newsgroup client.
0 kommentar(er)
